| |
Vulnerability CVE-2018-7947
Published: 2018-07-31
| Description: |
Huawei mobile phones with versions earlier before Emily-AL00A 8.1.0.153(C00) have an authentication bypass vulnerability. An attacker could trick the user to connect to a malicious device. In the debug mode, the malicious software in the device may exploit the vulnerability to bypass some specific function. Successful exploit may cause some malicious applications to be installed in the mobile phones. |
Type:
CWE-287 (Improper Authentication)
CVSS2 => (AV:L/AC:M/Au:N/C:P/I:P/A:P)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
4.4/10 |
6.4/10 |
3.4/10 |
| Exploit range |
Attack complexity |
Authentication |
Local |
Medium |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
Partial |
References: |
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180720-01-mobile-en
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
