Lucene search

Huawei TechnologiesHUAWEI-SA-20181121-01-PHONE

HistoryNov 21, 2018 - 12:00 a.m.

Security Advisory - Information Leak Vulnerability in Some Huawei Smartphones

2018-11-2100:00:00

Huawei Technologies

www.huawei.com

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

4.3 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

29.1%

JSON

There is an information leak vulnerability in some Huawei smartphones. An attacker may do some specific configuration in the smartphone and trick a user into inputting some sensitive information. Due to improper design, successful exploit may cause some information leak. (Vulnerability ID: HWPSIRT-2018-09002)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2018-7946.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181121-01-phone-en

Affected configurations

Vulners

Node

huaweialp-al00bRange<9.0.0.156

huaweialp-l09Range<9.0.0.159

huaweialp-l29Range<9.0.0.159

huaweialp-l29Range<9.0.0.160

huaweiwarsaw-al00Range<8.0.0.168

huaweiatomu-al10bRange<8.0.0.195

huaweiatomu-l03Range<8.0.0.145

huaweiatomu-l11Range<8.0.0.144

huaweiatomu-l21Range<8.0.0.144

huaweiatomu-l23Range<8.0.0.146

huaweiatomu-l29aRange<8.0.0.137

huaweiatomu-l29aRange<8.0.0.142

huaweiatomu-l29aRange<8.0.0.143

huaweiatomu-l29aRange<8.0.0.162

huaweiatomu-l41Range<8.0.0.143

huaweiatomu-l42Range<8.0.0.143

huaweiatomu-tl10bRange<8.0.0.195

huaweibla-a09Range<8.0.0.127

huaweibla-al00bRange<9.0.0.156

huaweibla-l09cRange<8.0.0.140

huaweibla-l09cRange<8.0.0.156

huaweibla-l09cRange<9.0.0.159

huaweibla-l29cRange<8.0.0.140

huaweibla-l29cRange<8.0.0.151

huaweibla-l29cRange<8.0.0.156

huaweibla-l29cRange<9.0.0.159

huaweiberkeley-al20Range<8.0.0.202

huaweiberkeley-l09Range<8.0.0.172

huaweifigo-al10bRange<8.0.0.178

huaweifigo-l03Range<8.0.0.147

huaweifigo-l11Range<8.0.0.137

huaweifigo-l21Range<8.0.0.139

huaweifigo-l23Range<8.0.0.144

huaweifigo-l31Range<8.0.0.162

huaweiflorida-al10bRange<8.0.0.172

huaweiflorida-l03Range<8.0.0.133

huaweiflorida-l21Range<8.0.0.127

huaweiflorida-l21Range<8.0.0.129

huaweiflorida-l22Range<8.0.0.128

huaweiflorida-l23Range<8.0.0.138

huaweipc_smart_full_sceneRange<8.0.0.132

huaweipc_smart_full_sceneRange<8.0.0.138

huaweipc_smart_full_sceneRange<8.0.0.112

huaweihuawei_p20Range<8.0.0.155

huaweihuawei_y6_2018Range<8.0.0.148

huaweihuawei_y6_prime_2018Range<8.0.0.144

huaweihuawei_y7_2018Range<8.0.0.160

huaweihuawei_y7_2018Range<8.0.0.146

huaweihuawei_nova_3eRange<8.0.0.166

huaweihonor_view_10Range<8.1.0.131

huaweijimmy-l22hnRange<Jimmy-L22HNC432B136

huaweivicky-al00aRange<8.0.0.182

huaweileland-l21aRange<8.0.0.133

huaweileland-l21aRange<8.0.0.134

huaweileland-l31aRange<8.0.0.138

huaweilelandp-l22cRange<9.1.0.118

huaweilondon-al30aRange<8.0.0.215

huaweilondon-al40Range<8.0.0.215

huaweiselina-l02Range<Selina-L02C432B161

huaweitoronto-l21Range<Toronto-L21C09B163CUSTC09D001

huaweitoronto-l21Range<Toronto-L21C10B175CUSTC10D001

huaweitoronto-l21Range<Toronto-L21C432B179CUSTC432D001

huaweitoronto-l22Range<Toronto-L22C636B186CUSTC636D001

huaweildn-al20Range<8.0.0.215

huaweihonor_9iRange<8.0.0.132

huaweihonor_play7aRange<8.0.0.195

CPENameOperatorVersion
alp-al00blt9.0.0.156
alp-l09lt9.0.0.159
alp-l29lt9.0.0.159
alp-l29lt9.0.0.159
alp-l29lt9.0.0.160
anne-al00lt8.0.0.168
atomu-al10blt8.0.0.195
atomu-l03lt8.0.0.145
atomu-l11lt8.0.0.144
atomu-l21lt8.0.0.144

Name	Operator	Version
alp-al00b	lt	9.0.0.156
alp-l09	lt	9.0.0.159
alp-l29	lt	9.0.0.159
alp-l29	lt	9.0.0.159
alp-l29	lt	9.0.0.160
anne-al00	lt	8.0.0.168
atomu-al10b	lt	8.0.0.195
atomu-l03	lt	8.0.0.145
atomu-l11	lt	8.0.0.144
atomu-l21	lt	8.0.0.144

Rows per page:

1-10 of 731

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

4.3 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

29.1%

JSON

Related for HUAWEI-SA-20181121-01-PHONE