Sign-up

ID

VAR-201812-0945


CVE

CVE-2018-7987


TITLE

Huawei P20 Smartphone out-of-bounds vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-012615

DESCRIPTION

There is an out-of-bounds write vulnerability on Huawei P20 smartphones with versions before 8.1.0.171(C00). The software does not handle the response message properly when the user doing certain inquiry operation, an attacker could send crafted message to the device, successful exploit could cause a denial of service condition. HuaweiP20 is a smartphone of Huawei. HuaweiP20 has a memory write cross-border vulnerability. The successful use of this vulnerability can cause the mobile phone to refuse service

Trust: 2.16

sources: NVD: CVE-2018-7987 // JVNDB: JVNDB-2018-012615 // CNVD: CNVD-2018-24196

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-24196

AFFECTED PRODUCTS

vendor:huaweimodel:p20scope:ltversion:8.1.0.171\(c00\)

Trust: 1.0

vendor:huaweimodel:p20scope:ltversion:8.1.0.171(c00)

Trust: 0.8

vendor:huaweimodel:p20 <8.1.0.171scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-24196 // JVNDB: JVNDB-2018-012615 // NVD: CVE-2018-7987

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7987
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-7987
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-24196
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201811-859
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2018-7987
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-24196
severity: MEDIUM
baseScore: 5.4
vectorString: AV:N/AC:H/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-7987
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-24196 // JVNDB: JVNDB-2018-012615 // CNNVD: CNNVD-201811-859 // NVD: CVE-2018-7987

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2018-012615 // NVD: CVE-2018-7987

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-859

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201811-859

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-012615

PATCH
title:huawei-sa-20181128-02-smartphoneurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181128-02-smartphone-en
Trust: 0.8
title:HuaweiP20 memory writes a cross-border vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/145645
Trust: 0.6
title:Huawei P20 Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87080
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-24196 // 
            
            
            
            JVNDB: JVNDB-2018-012615 // 
            
            
            
            CNNVD: CNNVD-201811-859

EXTERNAL IDS
db:NVDid:CVE-2018-7987
Trust: 3.0
db:JVNDBid:JVNDB-2018-012615
Trust: 0.8
db:CNVDid:CNVD-2018-24196
Trust: 0.6
db:CNNVDid:CNNVD-201811-859
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-24196 // 
            
            
            
            JVNDB: JVNDB-2018-012615 // 
            
            
            
            CNNVD: CNNVD-201811-859 // 
            
            
            
            NVD: CVE-2018-7987

REFERENCES
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20181128-02-smartphone-cn
Trust: 1.2
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181128-02-smartphone-en
Trust: 1.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7987
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-7987
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2018-24196 // 
            
            
            
            JVNDB: JVNDB-2018-012615 // 
            
            
            
            CNNVD: CNNVD-201811-859 // 
            
            
            
            NVD: CVE-2018-7987

SOURCES
db:CNVDid:CNVD-2018-24196
db:JVNDBid:JVNDB-2018-012615
db:CNNVDid:CNNVD-201811-859
db:NVDid:CVE-2018-7987

LAST UPDATE DATE
2024-11-23T22:51:53.496000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-24196date:2018-11-29T00:00:00
db:JVNDBid:JVNDB-2018-012615date:2019-02-06T00:00:00
db:CNNVDid:CNNVD-201811-859date:2018-11-29T00:00:00
db:NVDid:CVE-2018-7987date:2024-11-21T04:13:02.190

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-24196date:2018-11-29T00:00:00
db:JVNDBid:JVNDB-2018-012615date:2019-02-06T00:00:00
db:CNNVDid:CNNVD-201811-859date:2018-11-29T00:00:00
db:NVDid:CVE-2018-7987date:2018-12-04T18:29:00.357