ID

VAR-201812-0944


CVE

CVE-2018-7956


TITLE

Access control vulnerability in multiple Huawei products

Trust: 0.8

sources: JVNDB: JVNDB-2018-014330

DESCRIPTION

Huawei VIP App is a mobile app for customers in Malaysia who purchased the P20 Series, Nova 3/3i and Mate 20. Versions before 4.0.5 contain a vulnerability that lets attackers brute-force the VIP App Web Services to get user information. Multiple Huawei products contain an access control vulnerability. Information may be obtained. Huawei VIP App is a pre-installed membership service application for mobile phones made by China's Huawei.

Trust: 1.71

sources: NVD: CVE-2018-7956 // JVNDB: JVNDB-2018-014330 // VULHUB: VHN-137988

AFFECTED PRODUCTS

vendor: huawei, model: vip app, scope: lt, version: 4.0.5

Trust: 1.8

vendor: huawei, model: nova 3i, scope: eq, version: -

Trust: 1.0

vendor: huawei, model: nova 3, scope: eq, version: -

Trust: 1.0

vendor: huawei, model: mate 20, scope: eq, version: -

Trust: 1.0

vendor: huawei, model: mate 20, scope: -, version: -

Trust: 0.8

vendor: huawei, model: nova 3, scope: -, version: -

Trust: 0.8

vendor: huawei, model: nova 3i, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-014330 // NVD: CVE-2018-7956

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7956
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-7956
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201811-914
value: MEDIUM

Trust: 0.6

VULHUB: VHN-137988
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-7956
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-137988
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7956
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-137988 // JVNDB: JVNDB-2018-014330 // CNNVD: CNNVD-201811-914 // NVD: CVE-2018-7956

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: CWE-284

Trust: 0.9

sources: VULHUB: VHN-137988 // JVNDB: JVNDB-2018-014330 // NVD: CVE-2018-7956

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-914

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201811-914

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014330

PATCH

title: huawei-sa-20181129-01-huaweivip-en, url: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181129-01-huaweivip-en

Trust: 0.8

title: Huawei VIP App Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87337

Trust: 0.6

sources: JVNDB: JVNDB-2018-014330 // CNNVD: CNNVD-201811-914

EXTERNAL IDS

db: NVD, id: CVE-2018-7956

Trust: 2.5

db: JVNDB, id: JVNDB-2018-014330

Trust: 0.8

db: CNNVD, id: CNNVD-201811-914

Trust: 0.7

db: VULHUB, id: VHN-137988

Trust: 0.1

sources: VULHUB: VHN-137988 // JVNDB: JVNDB-2018-014330 // CNNVD: CNNVD-201811-914 // NVD: CVE-2018-7956

REFERENCES

url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181129-01-huaweivip-en

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7956

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-7956

Trust: 0.8

url: https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20181129-01-huaweivip-cn

Trust: 0.6

sources: VULHUB: VHN-137988 // JVNDB: JVNDB-2018-014330 // CNNVD: CNNVD-201811-914 // NVD: CVE-2018-7956

SOURCES

db: VULHUB, id: VHN-137988
db: JVNDB, id: JVNDB-2018-014330
db: CNNVD, id: CNNVD-201811-914
db: NVD, id: CVE-2018-7956

LAST UPDATE DATE

2024-11-23T23:08:32.125000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-137988, date: 2019-10-03T00:00:00
db: JVNDB, id: JVNDB-2018-014330, date: 2019-03-18T00:00:00
db: CNNVD, id: CNNVD-201811-914, date: 2022-03-18T00:00:00
db: NVD, id: CVE-2018-7956, date: 2024-11-21T04:13:00.997

SOURCES RELEASE DATE

db: VULHUB, id: VHN-137988, date: 2018-12-04T00:00:00
db: JVNDB, id: JVNDB-2018-014330, date: 2019-03-18T00:00:00
db: CNNVD, id: CNNVD-201811-914, date: 2018-11-30T00:00:00
db: NVD, id: CVE-2018-7956, date: 2018-12-04T18:29:00.310