cnvd - cnvd-2018-13551

cnvd-2018-13551

Vulnerability from cnvd

Title: Huawei Emily-AL00A鉴权绕过漏洞

Description:

Huawei Emily-AL00A是中国华为（Huawei）公司的一款智能手机设备。

Huawei Emily-AL00A存在鉴权绕过漏洞。攻击者诱使用户连接恶意设备。在开启调试模式的情况下，设备上的恶意软件可以利用这个漏洞绕过手机某个特定功能的鉴权。成功利用这个漏洞可以在手机上安装恶意应用。

Severity: 中

Patch Name: Huawei Emily-AL00A鉴权绕过漏洞的补丁

Patch Description:

Huawei Emily-AL00A是中国华为（Huawei）公司的一款智能手机设备。

Huawei Emily-AL00A存在鉴权绕过漏洞。攻击者诱使用户连接恶意设备。在开启调试模式的情况下，设备上的恶意软件可以利用这个漏洞绕过手机某个特定功能的鉴权。成功利用这个漏洞可以在手机上安装恶意应用。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

华为已发布版本修复该漏洞，安全预警链接： http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180720-01-mobile-cn

Reference: https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180720-01-mobile-cn

Impacted products

Name
Huawei Emily-AL00A <8.1.0.153(C00)

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-7947"
    }
  },
  "description": "Huawei Emily-AL00A\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u667a\u80fd\u624b\u673a\u8bbe\u5907\u3002 \r\n\r\nHuawei Emily-AL00A\u5b58\u5728\u9274\u6743\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u8bf1\u4f7f\u7528\u6237\u8fde\u63a5\u6076\u610f\u8bbe\u5907\u3002\u5728\u5f00\u542f\u8c03\u8bd5\u6a21\u5f0f\u7684\u60c5\u51b5\u4e0b\uff0c\u8bbe\u5907\u4e0a\u7684\u6076\u610f\u8f6f\u4ef6\u53ef\u4ee5\u5229\u7528\u8fd9\u4e2a\u6f0f\u6d1e\u7ed5\u8fc7\u624b\u673a\u67d0\u4e2a\u7279\u5b9a\u529f\u80fd\u7684\u9274\u6743\u3002\u6210\u529f\u5229\u7528\u8fd9\u4e2a\u6f0f\u6d1e\u53ef\u4ee5\u5728\u624b\u673a\u4e0a\u5b89\u88c5\u6076\u610f\u5e94\u7528\u3002",
  "discovererName": "Huawei",
  "formalWay": "\u534e\u4e3a\u5df2\u53d1\u5e03\u7248\u672c\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5b89\u5168\u9884\u8b66\u94fe\u63a5\uff1a\r\nhttp://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180720-01-mobile-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-13551",
  "openTime": "2018-07-20",
  "patchDescription": "Huawei Emily-AL00A\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u667a\u80fd\u624b\u673a\u8bbe\u5907\u3002 \r\n\r\nHuawei Emily-AL00A\u5b58\u5728\u9274\u6743\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u8bf1\u4f7f\u7528\u6237\u8fde\u63a5\u6076\u610f\u8bbe\u5907\u3002\u5728\u5f00\u542f\u8c03\u8bd5\u6a21\u5f0f\u7684\u60c5\u51b5\u4e0b\uff0c\u8bbe\u5907\u4e0a\u7684\u6076\u610f\u8f6f\u4ef6\u53ef\u4ee5\u5229\u7528\u8fd9\u4e2a\u6f0f\u6d1e\u7ed5\u8fc7\u624b\u673a\u67d0\u4e2a\u7279\u5b9a\u529f\u80fd\u7684\u9274\u6743\u3002\u6210\u529f\u5229\u7528\u8fd9\u4e2a\u6f0f\u6d1e\u53ef\u4ee5\u5728\u624b\u673a\u4e0a\u5b89\u88c5\u6076\u610f\u5e94\u7528\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Huawei Emily-AL00A\u9274\u6743\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Huawei Emily-AL00A \u003c8.1.0.153(C00)"
  },
  "referenceLink": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180720-01-mobile-cn",
  "serverity": "\u4e2d",
  "submitTime": "2018-07-20",
  "title": "Huawei Emily-AL00A\u9274\u6743\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2018-7947 (GCVE-0-2018-7947)

Vulnerability from cvelistv5

Published

2018-07-31 14:00

Modified

2024-08-05 06:37

Severity ?

CWE

authentication bypass

Summary

Huawei mobile phones with versions earlier before Emily-AL00A 8.1.0.153(C00) have an authentication bypass vulnerability. An attacker could trick the user to connect to a malicious device. In the debug mode, the malicious software in the device may exploit the vulnerability to bypass some specific function. Successful exploit may cause some malicious applications to be installed in the mobile phones.

References

▼	URL	Tags
	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180720-01-mobile-en	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Huawei Technologies Co., Ltd.	Emily-AL00A	Version: Versions earlier before 8.1.0.153(C00)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:37:59.881Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180720-01-mobile-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Emily-AL00A",
          "vendor": "Huawei Technologies Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Versions earlier before 8.1.0.153(C00)"
            }
          ]
        }
      ],
      "datePublic": "2018-07-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Huawei mobile phones with versions earlier before Emily-AL00A 8.1.0.153(C00) have an authentication bypass vulnerability. An attacker could trick the user to connect to a malicious device. In the debug mode, the malicious software in the device may exploit the vulnerability to bypass some specific function. Successful exploit may cause some malicious applications to be installed in the mobile phones."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "authentication bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-31T13:57:01",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180720-01-mobile-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2018-7947",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Emily-AL00A",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions earlier before 8.1.0.153(C00)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Huawei Technologies Co., Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Huawei mobile phones with versions earlier before Emily-AL00A 8.1.0.153(C00) have an authentication bypass vulnerability. An attacker could trick the user to connect to a malicious device. In the debug mode, the malicious software in the device may exploit the vulnerability to bypass some specific function. Successful exploit may cause some malicious applications to be installed in the mobile phones."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "authentication bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180720-01-mobile-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180720-01-mobile-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2018-7947",
    "datePublished": "2018-07-31T14:00:00",
    "dateReserved": "2018-03-09T00:00:00",
    "dateUpdated": "2024-08-05T06:37:59.881Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted