CVE-2018-7988

{"id": "CVE-2018-7988", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.9}]}, "published": "2018-11-27T22:29:00.523", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-smartphone-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}, {"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-smartphone-en", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to another smartphone and then perform a series of specific operations. Successful exploit could allow the attacker bypass the FRP protection."}, {"lang": "es", "value": "Hay una vulnerabilidad de omisi\u00f3n de FRP (Factory Reset Protection) en algunos smartphones. El sistema no verifica lo suficiente el permiso, por lo que un atacante puede utilizar un cable de datos para conectar el smartphone a otro smartphone y, despu\u00e9s, realizar una serie de operaciones espec\u00edficas. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante omita la protecci\u00f3n FRP."}], "lastModified": "2024-11-21T04:13:02.290", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:nova_2_plus_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3A838F0-B2BA-4C85-AB5C-43D03F0AB6E2", "versionEndExcluding": "8.0.0.350\\(c00\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:nova_2_plus:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B612E3F4-CB5E-4FD4-9D0A-4393C99067D8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mate_9_pro_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D72ED06A-CC2D-46E3-8867-192D00223E42", "versionEndExcluding": "8.0.0.363\\(c00\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_9_pro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E4CC4AF8-2F6D-41FC-9697-17472AF32FC6"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}