CVE-2018-7957

{"id": "CVE-2018-7957", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2018-07-31T14:29:01.043", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180704-01-smartphone-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}, {"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180704-01-smartphone-en", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00) have an information leakage vulnerability. Because an interface does not verify authorization correctly, attackers can exploit an application with the authorization of phone state to obtain user location additionally."}, {"lang": "es", "value": "Los smartphones Huawei con software Victoria-AL00 8.0.0.336a(C00) tienen una vulnerabilidad de fuga de informaci\u00f3n. Debido a que una interfaz no verifica correctamente la autorizaci\u00f3n, los atacantes pueden explotar una aplicaci\u00f3n con la autorizaci\u00f3n del estado del tel\u00e9fono para obtener de forma adicional la ubicaci\u00f3n del usuario."}], "lastModified": "2024-11-21T04:13:01.107", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:victoria-al00_firmware:victoria-al00_8.0.0.336a\\(c00\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6911D31F-BD23-429F-AF6A-9E8DD3664341"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:victoria-al00:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CF41D0A5-FE05-4A76-9747-1FD382FD7FD6"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}