CVE-2018-7928

{"id": "CVE-2018-7928", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.9}]}, "published": "2018-10-09T14:29:00.513", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180930-01-mycloud-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}, {"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180930-01-mycloud-en", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "There is a security vulnerability which could lead to Factory Reset Protection (FRP) bypass in the MyCloud APP with the versions before 8.1.2.303 installed on some Huawei smart phones. When re-configuring the mobile phone using the FRP function, an attacker can replace the old account with a new one through special steps by exploit this vulnerability. As a result, the FRP function is bypassed."}, {"lang": "es", "value": "Hay una vulnerabilidad de seguridad que podr\u00eda conducir a la omisi\u00f3n del FRP (Factory Reset Protection) en MyCloud APP en versiones anteriores a la 8.1.2.303 instalada en algunos smartphones Huawei. Al volver a configurar el tel\u00e9fono m\u00f3vil mediante la funci\u00f3n FRP, un atacante puede reemplazar la cuenta antigua por una nueva mediante pasos especiales explotando esta vulnerabilidad. Como resultado, se omite la funci\u00f3n FRP."}], "lastModified": "2024-11-21T04:12:58.360", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:westerndigital:my_cloud:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "81BE8C3F-E027-4DE4-9269-9AD4818E8673", "versionEndExcluding": "8.1.2.303"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@huawei.com"}