Lucene search

Huawei TechnologiesHUAWEI-SA-20200311-01-PHONE

HistoryMar 11, 2020 - 12:00 a.m.

Security Advisory - Information Leakage Vulnerability in Motion Sensor

2020-03-1100:00:00

Huawei Technologies

www.huawei.com

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.0004 Low

EPSS

Percentile

12.7%

JSON

Motion sensor in some Huawei smart phones has an information leakage vulnerability. An attacker may exploit this vulnerability to obtain specific information from the motion sensor through an APP installed on the smart phone and track the user. Successful exploit may cause information leak. (Vulnerability ID: HWPSIRT-2019-05147)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-8541.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200311-01-phone-en

Affected configurations

Vulners

Node

huaweiwarsaw-al00Range<9.1.0.126

huaweiberkeley-al20Range<9.1.0.333

huaweiberkeley-l09Range<9.1.0.350

huaweiberkeley-l09Range<9.1.0.351

huaweiberkeley-tl10Range<9.1.0.333

huaweicolumbia-al10bRange<9.1.0.333

huaweicolumbia-l29dRange<9.1.0.350

huaweicolumbia-l29dRange<9.1.0.351

huaweicornell-al00iRange<9.1.0.333

huaweihonor_20Range<10.0.0.143

huaweihonor_20Range<9.1.0.154

huaweihonor_20Range<9.1.0.155

huaweihuawei_p20Range<9.1.0.246

huaweihuawei_y9_2019Range<9.1.0.237

huaweihuawei_nova_2sRange<9.1.0.210

huaweihuawei_nova_3Range<9.1.0.333

huaweihuawei_nova_3eRange<9.1.0.126

huaweihuawei_nova_3eRange<9.1.0.280

huaweihuawei_nova_3eRange<9.1.0.246

huaweihonor_8xRange<9.1.0.248

huaweihonor_8xRange<9.1.0.249

huaweihonor_8xRange<9.1.0.264

huaweihonor_8xRange<9.1.0.273

huaweihonor_view_20Range<10.0.0.179

huaweihonor_view_20Range<10.0.0.180

huaweijackman-l22Range<9.1.0.237

huaweijohnson-tl00dRange<9.1.0.219

huaweijohnson-tl00fRange<9.1.0.234

huaweiparis-al00icRange<9.1.0.354

huaweiparis-l21bRange<9.1.0.349

huaweiparis-l21mebRange<9.1.0.349

huaweiparis-l29bRange<9.1.0.349

huaweiprinceton-al10dRange<10.1.0.160

huaweisydney-l21Range<9.1.0.228

huaweisydney-tl00Range<9.1.0.228

huaweisydneym-l01Range<9.1.0.228

huaweiyale-al50aRange<9.1.0.179

huaweiyale-al50aRange<9.1.1.158

huaweiyale-l21aRange<10.0.0.168

huaweiyale-l61aRange<9.1.0.195

huaweiyale-tl00bRange<9.1.0.179

huaweiyalep-al10bRange<9.1.0.179

huawei畅享6Range<9.1.0.221

huawei荣耀magic2Range<10.0.0.175

CPENameOperatorVersion
anne-al00lt9.1.0.126
berkeley-al20lt9.1.0.333
berkeley-l09lt9.1.0.350
berkeley-l09lt9.1.0.350
berkeley-l09lt9.1.0.351
berkeley-tl10lt9.1.0.333
columbia-al00alt9.1.0.333
columbia-al10blt9.1.0.333
columbia-l29dlt9.1.0.350
columbia-l29dlt9.1.0.350

Name	Operator	Version
anne-al00	lt	9.1.0.126
berkeley-al20	lt	9.1.0.333
berkeley-l09	lt	9.1.0.350
berkeley-l09	lt	9.1.0.350
berkeley-l09	lt	9.1.0.351
berkeley-tl10	lt	9.1.0.333
columbia-al00a	lt	9.1.0.333
columbia-al10b	lt	9.1.0.333
columbia-l29d	lt	9.1.0.350
columbia-l29d	lt	9.1.0.350

Rows per page:

1-10 of 661

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for HUAWEI-SA-20200311-01-PHONE