Lucene search

Huawei TechnologiesHUAWEI-SA-20181101-01-BYPASS

HistoryNov 01, 2018 - 12:00 a.m.

Security Advisory - Authentication Bypass Vulnerability in Some Huawei Smart Phones

2018-11-0100:00:00

Huawei Technologies

www.huawei.com

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

29.6%

JSON

Some Huawei smartphones have an authentication bypass vulnerability. When the attacker obtains the user’s smartphone, the vulnerability can be used to replace the start-up program so that the attacker can obtain the information in the smartphone and achieve the purpose of controlling the smartphone. (Vulnerability ID: HWPSIRT-2018-02106)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2018-7910.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en

Affected configurations

Vulners

Node

huaweialp-al00b_firmwareMatch8.0.0.118d

huaweialp-tl00b_firmwareMatch8.0.0.118d

huaweibla-al00b_firmwareMatch8.0.0.118d

huaweibla-l09c_firmwareMatch8.0.0.127

huaweibla-l09c_firmwareMatch8.0.0.128

huaweibla-l09c_firmwareMatch8.0.0.137

huaweibla-l29c_firmwareMatch8.0.0.129

huaweibla-l29c_firmwareMatch8.0.0.137

VendorProductVersionCPE
huaweialp-al00b_firmware8.0.0.118dcpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.118d:*:*:*:*:*:*:*
huaweialp-tl00b_firmware8.0.0.118dcpe:2.3:o:huawei:alp-tl00b_firmware:8.0.0.118d:*:*:*:*:*:*:*
huaweibla-al00b_firmware8.0.0.118dcpe:2.3:o:huawei:bla-al00b_firmware:8.0.0.118d:*:*:*:*:*:*:*
huaweibla-l09c_firmware8.0.0.127cpe:2.3:o:huawei:bla-l09c_firmware:8.0.0.127:*:*:*:*:*:*:*
huaweibla-l09c_firmware8.0.0.128cpe:2.3:o:huawei:bla-l09c_firmware:8.0.0.128:*:*:*:*:*:*:*
huaweibla-l09c_firmware8.0.0.137cpe:2.3:o:huawei:bla-l09c_firmware:8.0.0.137:*:*:*:*:*:*:*
huaweibla-l29c_firmware8.0.0.129cpe:2.3:o:huawei:bla-l29c_firmware:8.0.0.129:*:*:*:*:*:*:*
huaweibla-l29c_firmware8.0.0.137cpe:2.3:o:huawei:bla-l29c_firmware:8.0.0.137:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	alp-al00b_firmware	8.0.0.118d	cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.118d:::::::*
huawei	alp-tl00b_firmware	8.0.0.118d	cpe:2.3:o:huawei:alp-tl00b_firmware:8.0.0.118d:::::::*
huawei	bla-al00b_firmware	8.0.0.118d	cpe:2.3:o:huawei:bla-al00b_firmware:8.0.0.118d:::::::*
huawei	bla-l09c_firmware	8.0.0.127	cpe:2.3:o:huawei:bla-l09c_firmware:8.0.0.127:::::::*
huawei	bla-l09c_firmware	8.0.0.128	cpe:2.3:o:huawei:bla-l09c_firmware:8.0.0.128:::::::*
huawei	bla-l09c_firmware	8.0.0.137	cpe:2.3:o:huawei:bla-l09c_firmware:8.0.0.137:::::::*
huawei	bla-l29c_firmware	8.0.0.129	cpe:2.3:o:huawei:bla-l29c_firmware:8.0.0.129:::::::*
huawei	bla-l29c_firmware	8.0.0.137	cpe:2.3:o:huawei:bla-l29c_firmware:8.0.0.137:::::::*

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

29.6%

JSON

Related for HUAWEI-SA-20181101-01-BYPASS