Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huaweiHuawei TechnologiesHUAWEI-SA-20180720-01-MOBILE
HistoryJul 20, 2018 - 12:00 a.m.

Security Advisory - Authentication Bypass Vulnerability in Some Huawei Mobile Phones

2018-07-2000:00:00
Huawei Technologies
www.huawei.com
21

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

3.9 Low

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

0.0004 Low

EPSS

Percentile

12.7%

JSON

There is an authentication bypass vulnerability in some Huawei mobile phones. An attacker could trick the user to connect to a malicious device. In the debug mode, the malicious software in the device may exploit the vulnerability to bypass some specific function. Successful exploit may cause some malicious applications to be installed in the mobile phones. (Vulnerability ID: HWPSIRT-2018-05087)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2018-7947.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180720-01-mobile-en

Affected configurations

Vulners
Node
huaweiwarsaw-al00Range<9.1.0.122
OR
huaweiatomu-al00bRange<8.0.0.213
OR
huaweiatomu-l03Range<8.0.0.159
OR
huaweiatomu-l11Range<8.0.0.149
OR
huaweiatomu-l21Range<8.0.0.153
OR
huaweiatomu-l23Range<8.0.0.162
OR
huaweiatomu-l29aRange<8.0.0.149
OR
huaweiatomu-l29aRange<8.0.0.149
OR
huaweiatomu-l29aRange<8.0.0.150
OR
huaweiatomu-l29aRange<8.0.0.165
OR
huaweiatomu-l41Range<8.0.0.151
OR
huaweiatomu-l42Range<8.0.0.153
OR
huaweiberkeley-tl10Range<9.0.0.181
OR
huaweidelhi-l42Range<Delhi-L42C185B123
OR
huaweidelhi-l42Range<Delhi-L42C432B136
OR
huaweiduke-l09Matchduke-l09c10b187
OR
huaweiduke-l09Matchduke-l09c432b189
OR
huaweiduke-l09Matchduke-l09c636b189
OR
huaweifigo-al10bMatch8.0.0.173
OR
huaweifigo-l03Match8.0.0.137
OR
huaweifigo-l11Match8.0.0.135
OR
huaweifigo-l11Range<9.1.0.122
OR
huaweifigo-l21Match8.0.0.135
OR
huaweifigo-l21Range<9.1.0.130
OR
huaweifigo-l23Range<9.1.0.130
OR
huaweifigo-l31Range<9.1.0.122
OR
huaweifigo-l31Range<9.1.0.122
OR
huaweifigo-l31Range<9.1.0.122
OR
huaweifigo-l31Range<9.1.0.130
OR
huaweifigo-l31Range<9.1.0.130
OR
huaweifigo-tl00aMatch8.0.0.173
OR
huaweiflorida-al10bMatch8.0.0.120
OR
huaweiflorida-al10bRange<9.1.0.121
OR
huaweiflorida-l03Match8.0.0.126
OR
huaweiflorida-l21Match8.0.0.128
OR
huaweiflorida-l21Range<9.1.0.115
OR
huaweiflorida-l21Range<9.1.0.120
OR
huaweiflorida-l22Range<9.1.0.120
OR
huaweiflorida-l23Range<9.1.0.121
OR
huaweiflorida-tl00aMatch8.0.0.120
OR
huaweiflorida-tl10bRange<9.1.0.121
OR
huaweinova_2Match8.0.0.123
OR
huaweihuawei_p20Range<8.1.0.153
OR
huaweihuawei_y6_prime_2018Range<8.0.0.151
OR
huaweihuawei_nova_2sRange<9.0.1.150
OR
huaweijimmy-tl00aRange<Jimmy-AL00AC00B172
OR
huaweijimmy-l22hnRange<Jimmy-L22HNC432B136
OR
huaweijimmy-tl00aRange<Jimmy-TL00AC01B172
OR
huaweilon-l29dMatchlon-l29dc721b192
OR
huaweivicky-al00aRange<8.0.0.183
OR
huaweileland-l21aRange<8.0.0.132
OR
huaweileland-l21aRange<8.0.0.135
OR
huaweileland-l22aRange<8.0.0.202
OR
huaweileland-l22cRange<8.0.0.202
OR
huaweileland-l31aRange<8.0.0.139
OR
huaweileland-l42aRange<8.0.0.194
OR
huaweileland-l42cRange<8.0.0.194
OR
huaweileland-tl10bRange<8.0.0.183
OR
huaweilelandp-al00cRange<8.0.0.132
OR
huaweilelandp-l22cRange<8.0.0.130
OR
huaweilelandp-l22dRange<8.0.0.130
OR
huaweilondon-al00bRange<8.0.0.221
OR
huaweilondon-al30aRange<8.0.0.221
OR
huaweilondon-al30iMatch8.0.0.150
OR
huaweilondon-l22Range<8.0.0.147
OR
huaweilondon-l29Range<8.0.0.134
OR
huaweilondon-l29Range<8.0.0.137
OR
huaweilondon-l29Range<8.0.0.143
OR
huaweilondon-l29Range<8.0.0.145
OR
huaweistanford-l09Matchstanford-al00c00b123
OR
huaweitoronto-l21aRange<Toronto-L21AC185B181CUSTC185D001
OR
huaweitoronto-l21aRange<Toronto-L21AC636B169CUSTC636D001

Related

nvd 1
prion 1
cve 1
cvelist 1
nvd
nvd
CVE-2018-7947
2018-07-31 14:29:00
prion
prion
Authentication flaw
2018-07-31 14:29:00
cve
cve
CVE-2018-7947
2018-07-31 14:29:00
cvelist
cvelist
CVE-2018-7947
2018-07-31 14:00:00

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

3.9 Low

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

0.0004 Low

EPSS

Percentile

12.7%

JSON
Related for HUAWEI-SA-20180720-01-MOBILE
nvd1prion1cve1cvelist1