Sign-up

ID

VAR-201807-2068


CVE

CVE-2018-7993


TITLE

HUAWEI Mate 10 Vulnerability related to the use of released memory on smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2018-008885

DESCRIPTION

HUAWEI Mate 10 smartphones with versions earlier than ALP-AL00 8.1.0.311 have a use after free vulnerability on mediaserver component. An attacker tricks the user install a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause execution of arbitrary code. HUAWEI Mate 10 Smartphones are vulnerable to the use of freed memory.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiMate10 is a smartphone from China's Huawei company. A memory error reference vulnerability exists in the mediaserver component of the HuaweiMate10 phone

Trust: 2.16

sources: NVD: CVE-2018-7993 // JVNDB: JVNDB-2018-008885 // CNVD: CNVD-2018-13042

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-13042

AFFECTED PRODUCTS

vendor:huaweimodel:mate 10scope:ltversion:alp-al00_8.1.0.311

Trust: 1.0

vendor:huaweimodel:mate 10scope:ltversion:alp-al00 8.1.0.311

Trust: 0.8

vendor:huaweimodel:mate <alp-al00scope:eqversion:108.1.0.311

Trust: 0.6

sources: CNVD: CNVD-2018-13042 // JVNDB: JVNDB-2018-008885 // NVD: CVE-2018-7993

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7993
value: HIGH

Trust: 1.0

NVD: CVE-2018-7993
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-13042
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201807-2009
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2018-7993
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-13042
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-7993
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-13042 // JVNDB: JVNDB-2018-008885 // CNNVD: CNNVD-201807-2009 // NVD: CVE-2018-7993

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.8

sources: JVNDB: JVNDB-2018-008885 // NVD: CVE-2018-7993

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-2009

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201807-2009

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-008885

PATCH
title:huawei-sa-20180711-01-smartphoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180711-01-smartphone-en
Trust: 0.8
title:HuaweiMate10 phone memory error reference vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/134169
Trust: 0.6
title:Huawei Mate 10 mediaserver Fixes for component security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82736
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-13042 // 
            
            
            
            JVNDB: JVNDB-2018-008885 // 
            
            
            
            CNNVD: CNNVD-201807-2009

EXTERNAL IDS
db:NVDid:CVE-2018-7993
Trust: 3.0
db:JVNDBid:JVNDB-2018-008885
Trust: 0.8
db:CNVDid:CNVD-2018-13042
Trust: 0.6
db:CNNVDid:CNNVD-201807-2009
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-13042 // 
            
            
            
            JVNDB: JVNDB-2018-008885 // 
            
            
            
            CNNVD: CNNVD-201807-2009 // 
            
            
            
            NVD: CVE-2018-7993

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180711-01-smartphone-en
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7993
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-7993
Trust: 0.8
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180711-01-smartphone-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-13042 // 
            
            
            
            JVNDB: JVNDB-2018-008885 // 
            
            
            
            CNNVD: CNNVD-201807-2009 // 
            
            
            
            NVD: CVE-2018-7993

SOURCES
db:CNVDid:CNVD-2018-13042
db:JVNDBid:JVNDB-2018-008885
db:CNNVDid:CNNVD-201807-2009
db:NVDid:CVE-2018-7993

LAST UPDATE DATE
2024-11-23T22:55:49.513000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-13042date:2018-07-12T00:00:00
db:JVNDBid:JVNDB-2018-008885date:2018-10-31T00:00:00
db:CNNVDid:CNNVD-201807-2009date:2018-08-01T00:00:00
db:NVDid:CVE-2018-7993date:2024-11-21T04:13:02.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-13042date:2018-07-12T00:00:00
db:JVNDBid:JVNDB-2018-008885date:2018-10-31T00:00:00
db:CNNVDid:CNNVD-201807-2009date:2018-08-01T00:00:00
db:NVDid:CVE-2018-7993date:2018-07-31T14:29:01.120