CVE-2018-7989

CWE-287 — Improper Authentication3 documents3 sources

Severity

4.6MEDIUM

EPSS

0.0%

top 91.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Mate 10 PRO Firmware Huawei Technologies Co., Ltd. Mate 10 PRO

Timeline

PublishedOct 17

Latest updateMay 14

Description

Huawei Mate 10 pro smartphones with the versions before BLA-AL00B 8.1.0.326(C00) have an improper authentication vulnerability. App Lock is a function to prevent unauthorized use of apps on smartphones, an attacker could directly change the lock password after a series of operations. Successful exploit could allow the attacker to use the application which is locked.

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 0.9 | Impact: 3.6

Affected Packages2 packages

▶NVDhuawei/mate_10_pro_firmware< bla-al00b_8.1.0.326\(c00\)

▶CVEListV5huawei_technologies_co.,_ltd./mate_10_proThe versions before BLA-AL00B 8.1.0.326(C00)

🔴Vulnerability Details

GHSA

GHSA-h46f-mmx9-64wg: Huawei Mate 10 pro smartphones with the versions before BLA-AL00B 8↗2022-05-14

▶

CVEList

CVE-2018-7989: Huawei Mate 10 pro smartphones with the versions before BLA-AL00B 8↗2018-10-17

▶