Huawei TechnologiesHUAWEI-SA-20141202-P2Security Advisory-Multiple Vulnerabilities on Huawei P2 Smartphone
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
0.05 Low
EPSS
Percentile
92.9%
This security advisory (SA) describes two vulnerabilities.
The decoder driver of P2 was found to allow any application to read or write to an arbitrary memory address. (HWPSIRT-2014-0401)
This Vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2014-2273.
The Kingsoft Office application comes installed on Huawei P2 devices. An attacker that can modify the traffic coming from the applicationβs Google Cloud Printing service can gain remote code execution in the context of the application. (HWPSIRT-2014-0402)
This Vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2014-2271.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| p2-6011 | eq | V100R001C00B043 |
Related
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
0.05 Low
EPSS
Percentile
92.9%