ID

VAR-201811-0861


CVE

CVE-2018-7988


TITLE

Vulnerabilities related to authorization, authority, and access control in multiple Huawei smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2018-014582

DESCRIPTION

There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify permissions; an attacker can use a data cable to connect the smartphone to another smartphone and then perform a series of specific operations. Successful exploitation could allow the attacker to bypass the FRP protection. Multiple Huawei smartphones have vulnerabilities related to authorization, authority, and access control. Information may be tampered with. The Huawei nova 2 Plus and Mate9 Pro are smartphones from the Chinese company Huawei. There are security vulnerabilities in Huawei nova 2 Plus versions prior to 8.0.0.350(C00) and Mate9 Pro versions prior to 8.0.0.363(C00). The vulnerability stems from insufficient verification of permissions by the system.

Trust: 2.25

sources: NVD: CVE-2018-7988 // JVNDB: JVNDB-2018-014582 // CNVD: CNVD-2018-23257 // VULHUB: VHN-138020

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-23257

AFFECTED PRODUCTS

vendor: huawei, model: nova 2 plus, scope: lt, version: 8.0.0.350(c00)

Trust: 1.0

vendor: huawei, model: mate 9 pro, scope: lt, version: 8.0.0.363(c00)

Trust: 1.0

vendor: huawei, model: mate 9 pro, scope: -, version: -

Trust: 0.8

vendor: huawei, model: nova 2 plus, scope: -, version: -

Trust: 0.8

vendor: huawei, model: nova plus <8.0.0.350, scope: eq, version: 2

Trust: 0.6

vendor: huawei, model: mate pro <8.0.0.363, scope: eq, version: 9

Trust: 0.6

sources: CNVD: CNVD-2018-23257 // JVNDB: JVNDB-2018-014582 // NVD: CVE-2018-7988

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7988
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-7988
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-23257
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201811-495
value: MEDIUM

Trust: 0.6

VULHUB: VHN-138020
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-7988
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-23257
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:C/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-138020
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7988
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-23257 // VULHUB: VHN-138020 // JVNDB: JVNDB-2018-014582 // CNNVD: CNNVD-201811-495 // NVD: CVE-2018-7988

PROBLEMTYPE DATA

problemtype: CWE-863

Trust: 1.1

problemtype: CWE-264

Trust: 0.9

sources: VULHUB: VHN-138020 // JVNDB: JVNDB-2018-014582 // NVD: CVE-2018-7988

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201811-495

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014582

PATCH

title: huawei-sa-20181114-01-smartphone, url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-smartphone-en

Trust: 0.8

title: Huawei smartphone FRP bypass vulnerability patch, url: https://www.cnvd.org.cn/patchInfo/show/144797

Trust: 0.6

title: Huawei nova 2 Plus and Mate9 Pro Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86896

Trust: 0.6

sources: CNVD: CNVD-2018-23257 // JVNDB: JVNDB-2018-014582 // CNNVD: CNNVD-201811-495

EXTERNAL IDS

db: NVD, id: CVE-2018-7988

Trust: 3.1

db: JVNDB, id: JVNDB-2018-014582

Trust: 0.8

db: CNNVD, id: CNNVD-201811-495

Trust: 0.7

db: CNVD, id: CNVD-2018-23257

Trust: 0.6

db: VULHUB, id: VHN-138020

Trust: 0.1

sources: CNVD: CNVD-2018-23257 // VULHUB: VHN-138020 // JVNDB: JVNDB-2018-014582 // CNNVD: CNNVD-201811-495 // NVD: CVE-2018-7988

REFERENCES

url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-smartphone-en

Trust: 2.3

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7988

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-7988

Trust: 0.8

url: https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20181114-01-smartphone-cn

Trust: 0.6

sources: CNVD: CNVD-2018-23257 // VULHUB: VHN-138020 // JVNDB: JVNDB-2018-014582 // CNNVD: CNNVD-201811-495 // NVD: CVE-2018-7988

SOURCES

db: CNVD, id: CNVD-2018-23257
db: VULHUB, id: VHN-138020
db: JVNDB, id: JVNDB-2018-014582
db: CNNVD, id: CNNVD-201811-495
db: NVD, id: CVE-2018-7988

LAST UPDATE DATE

2024-11-23T22:41:38.917000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-23257, date: 2019-05-07T00:00:00
db: VULHUB, id: VHN-138020, date: 2019-10-03T00:00:00
db: JVNDB, id: JVNDB-2018-014582, date: 2019-03-28T00:00:00
db: CNNVD, id: CNNVD-201811-495, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2018-7988, date: 2024-11-21T04:13:02.290

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-23257, date: 2018-11-16T00:00:00
db: VULHUB, id: VHN-138020, date: 2018-11-27T00:00:00
db: JVNDB, id: JVNDB-2018-014582, date: 2019-03-28T00:00:00
db: CNNVD, id: CNNVD-201811-495, date: 2018-11-15T00:00:00
db: NVD, id: CVE-2018-7988, date: 2018-11-27T22:29:00.523