CVE-2018-7910 - Vulnerability Details

Vendors	Products
Huawei	Alp-al00b Alp-al00b Firmware Alp-tl00b Alp-tl00b Firmware Bla-al00b Bla-al00b Firmware Bla-l09c Bla-l09c Firmware Bla-l29c Bla-l29c Firmware

Link	Providers
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "ALP-AL00B, ALP-TL00B, BLA-AL00B, BLA-L09C, BLA-L29C", "vendor": "Huawei Technologies Co., Ltd.", "versions": [{"status": "affected", "version": "ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432)"}]}], "datePublic": "2018-11-01T00:00:00", "descriptions": [{"lang": "en", "value": "Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user's smartphone, the vulnerability can be used to replace the start-up program so that the attacker can obtain the information in the smartphone and achieve the purpose of controlling the smartphone."}], "problemTypes": [{"descriptions": [{"description": "authentication bypass", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-11-13T18:57:01", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2018-7910", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ALP-AL00B, ALP-TL00B, BLA-AL00B, BLA-L09C, BLA-L29C", "version": {"version_data": [{"version_value": "ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432)"}]}}]}, "vendor_name": "Huawei Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user's smartphone, the vulnerability can be used to replace the start-up program so that the attacker can obtain the information in the smartphone and achieve the purpose of controlling the smartphone."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "authentication bypass"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T06:37:59.598Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2018-7910", "datePublished": "2018-11-13T19:00:00", "dateReserved": "2018-03-09T00:00:00", "dateUpdated": "2024-08-05T06:37:59.598Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : ALP-AL00B, ALP-TL00B, BLA-AL00B, BLA-L09C, BLA-L29C (string)

vendor : Huawei Technologies Co., Ltd. (string)

versions : [ »

0 : { »

status : affected (string)

version : ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) (string)

}

]

}

]

datePublic : 2018-11-01T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user's smartphone, the vulnerability can be used to replace the start-up program so that the attacker can obtain the information in the smartphone and achieve the purpose of controlling the smartphone. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : authentication bypass (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2018-11-13T18:57:01 (string)

orgId : 25ac1063-e409-4190-8079-24548c77ea2e (string)

shortName : huawei (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : psirt@huawei.com (string)

ID : CVE-2018-7910 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : ALP-AL00B, ALP-TL00B, BLA-AL00B, BLA-L09C, BLA-L29C (string)

version : { »

version_data : [ »

0 : { »

version_value : ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) (string)

}

]

}

]

}

vendor_name : Huawei Technologies Co., Ltd. (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user's smartphone, the vulnerability can be used to replace the start-up program so that the attacker can obtain the information in the smartphone and achieve the purpose of controlling the smartphone. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : authentication bypass (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en (string)

refsource : CONFIRM (string)

url : http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T06:37:59.598Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 25ac1063-e409-4190-8079-24548c77ea2e (string)

assignerShortName : huawei (string)

cveId : CVE-2018-7910 (string)

datePublished : 2018-11-13T19:00:00 (string)

dateReserved : 2018-03-09T00:00:00 (string)

dateUpdated : 2024-08-05T06:37:59.598Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.1.18d\\(c00\\):*:*:*:*:*:*:*", "matchCriteriaId": "D327AD65-437A-4DA9-B38E-FFE9147AAB82", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:alp-al00b:-:*:*:*:*:*:*:*", "matchCriteriaId": "0FA2B2F1-3D58-4DC7-AB7A-28BF8B282333", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:alp-tl00b_firmware:8.0.0.1.18d\\(c01\\):*:*:*:*:*:*:*", "matchCriteriaId": "439861D3-3F70-4A8C-A2F0-99120207E3CF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:alp-tl00b:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7918CD6-341B-4FCC-BD31-30B8952192C8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:bla-al00b_firmware:8.0.0.1.18d\\(c00\\):*:*:*:*:*:*:*", "matchCriteriaId": "06F0F9A3-BC44-463E-BF84-593CAC5CBB45", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:bla-al00b:-:*:*:*:*:*:*:*", "matchCriteriaId": "B11D6D9B-335B-404C-88F3-590DF9E5D878", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:bla-l09c_firmware:8.0.0.127\\(c432\\):*:*:*:*:*:*:*", "matchCriteriaId": "D2CADEF0-2830-4883-8B52-4BCE6B74DBF4", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:bla-l09c_firmware:8.0.0.128\\(c432\\):*:*:*:*:*:*:*", "matchCriteriaId": "E4C168E2-2679-478D-815F-FD909FBE1B38", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:bla-l09c_firmware:8.0.0.137\\(c432\\):*:*:*:*:*:*:*", "matchCriteriaId": "87AC6AB6-B166-4098-98E1-79A6407DAFA5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:bla-l09c:-:*:*:*:*:*:*:*", "matchCriteriaId": "3C787E52-055B-4931-9B5C-604F1578A3A0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:bla-l29c_firmware:8.0.0.127\\(c432\\):*:*:*:*:*:*:*", "matchCriteriaId": "BD8BD839-9468-4F62-A66B-25C1AF032D05", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:bla-l29c_firmware:8.0.0.137\\(c432\\):*:*:*:*:*:*:*", "matchCriteriaId": "641C18E2-CB4A-4169-B836-B4CD171248EC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:bla-l29c:-:*:*:*:*:*:*:*", "matchCriteriaId": "551386D1-3D02-4319-B2A2-1AAE80F7F249", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user's smartphone, the vulnerability can be used to replace the start-up program so that the attacker can obtain the information in the smartphone and achieve the purpose of controlling the smartphone."}, {"lang": "es", "value": "Algunos smartphones Huawei ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432) y 8.0.0.137(C432) tienen una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n. Cuando el atacante obtiene el smartphone del usuario, la vulnerabilidad se puede emplear para reemplazar el programa de arranque para que el atacante pueda obtener la informaci\u00f3n en el smartphone y lograr controlarlo."}], "id": "CVE-2018-7910", "lastModified": "2024-11-21T04:12:57.327", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-11-13T19:29:00.400", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.1.18d\(c00\):*:*:*:*:*:*:* (string)

matchCriteriaId : D327AD65-437A-4DA9-B38E-FFE9147AAB82 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:huawei:alp-al00b:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 0FA2B2F1-3D58-4DC7-AB7A-28BF8B282333 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:huawei:alp-tl00b_firmware:8.0.0.1.18d\(c01\):*:*:*:*:*:*:* (string)

matchCriteriaId : 439861D3-3F70-4A8C-A2F0-99120207E3CF (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:huawei:alp-tl00b:-:*:*:*:*:*:*:* (string)

matchCriteriaId : E7918CD6-341B-4FCC-BD31-30B8952192C8 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:huawei:bla-al00b_firmware:8.0.0.1.18d\(c00\):*:*:*:*:*:*:* (string)

matchCriteriaId : 06F0F9A3-BC44-463E-BF84-593CAC5CBB45 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:huawei:bla-al00b:-:*:*:*:*:*:*:* (string)

matchCriteriaId : B11D6D9B-335B-404C-88F3-590DF9E5D878 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:huawei:bla-l09c_firmware:8.0.0.127\(c432\):*:*:*:*:*:*:* (string)

matchCriteriaId : D2CADEF0-2830-4883-8B52-4BCE6B74DBF4 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:huawei:bla-l09c_firmware:8.0.0.128\(c432\):*:*:*:*:*:*:* (string)

matchCriteriaId : E4C168E2-2679-478D-815F-FD909FBE1B38 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:huawei:bla-l09c_firmware:8.0.0.137\(c432\):*:*:*:*:*:*:* (string)

matchCriteriaId : 87AC6AB6-B166-4098-98E1-79A6407DAFA5 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:huawei:bla-l09c:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 3C787E52-055B-4931-9B5C-604F1578A3A0 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

4 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:huawei:bla-l29c_firmware:8.0.0.127\(c432\):*:*:*:*:*:*:* (string)

matchCriteriaId : BD8BD839-9468-4F62-A66B-25C1AF032D05 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:huawei:bla-l29c_firmware:8.0.0.137\(c432\):*:*:*:*:*:*:* (string)

matchCriteriaId : 641C18E2-CB4A-4169-B836-B4CD171248EC (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:huawei:bla-l29c:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 551386D1-3D02-4319-B2A2-1AAE80F7F249 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user's smartphone, the vulnerability can be used to replace the start-up program so that the attacker can obtain the information in the smartphone and achieve the purpose of controlling the smartphone. (string)

}

1 : { »

lang : es (string)

value : Algunos smartphones Huawei ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432) y 8.0.0.137(C432) tienen una vulnerabilidad de omisión de autenticación. Cuando el atacante obtiene el smartphone del usuario, la vulnerabilidad se puede emplear para reemplazar el programa de arranque para que el atacante pueda obtener la información en el smartphone y lograr controlarlo. (string)

}

]

id : CVE-2018-7910 (string)

lastModified : 2024-11-21T04:12:57.327 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 4.6 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:L/AC:L/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : PHYSICAL (string)

availabilityImpact : HIGH (string)

baseScore : 6.8 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 0.9 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2018-11-13T19:29:00.400 (string)

references : [ »

0 : { »

source : psirt@huawei.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en (string)

}

]

sourceIdentifier : psirt@huawei.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-287 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object