{"containers": {"cna": {"affected": [{"product": "Huawei nova 2 Plus, Huawei Mate9 Pro", "vendor": "Huawei Technologies Co., Ltd.", "versions": [{"status": "affected", "version": "Huawei nova 2 Plus the versions before 8.0.0.350(C00), Huawei Mate9 Pro the versions before 8.0.0.363(C00)"}]}], "datePublic": "2018-11-14T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to another smartphone and then perform a series of specific operations. Successful exploit could allow the attacker bypass the FRP protection."}], "problemTypes": [{"descriptions": [{"description": "FRP bypass", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-11-27T21:57:01.000Z", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-smartphone-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2018-7988", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Huawei nova 2 Plus, Huawei Mate9 Pro", "version": {"version_data": [{"version_value": "Huawei nova 2 Plus the versions before 8.0.0.350(C00), Huawei Mate9 Pro the versions before 8.0.0.363(C00)"}]}}]}, "vendor_name": "Huawei Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to another smartphone and then perform a series of specific operations. Successful exploit could allow the attacker bypass the FRP protection."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "FRP bypass"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-smartphone-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-smartphone-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T06:37:59.673Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-smartphone-en"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2018-7988", "datePublished": "2018-11-27T22:00:00.000Z", "dateReserved": "2018-03-09T00:00:00.000Z", "dateUpdated": "2024-08-05T06:37:59.673Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:nova_2_plus_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3A838F0-B2BA-4C85-AB5C-43D03F0AB6E2", "versionEndExcluding": "8.0.0.350\\(c00\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:nova_2_plus:-:*:*:*:*:*:*:*", "matchCriteriaId": "B612E3F4-CB5E-4FD4-9D0A-4393C99067D8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mate_9_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D72ED06A-CC2D-46E3-8867-192D00223E42", "versionEndExcluding": "8.0.0.363\\(c00\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_9_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "E4CC4AF8-2F6D-41FC-9697-17472AF32FC6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to another smartphone and then perform a series of specific operations. Successful exploit could allow the attacker bypass the FRP protection."}, {"lang": "es", "value": "Hay una vulnerabilidad de omisi\u00f3n de FRP (Factory Reset Protection) en algunos smartphones. El sistema no verifica lo suficiente el permiso, por lo que un atacante puede utilizar un cable de datos para conectar el smartphone a otro smartphone y, despu\u00e9s, realizar una serie de operaciones espec\u00edficas. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante omita la protecci\u00f3n FRP."}], "id": "CVE-2018-7988", "lastModified": "2024-11-21T04:13:02.290", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-11-27T22:29:00.523", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-smartphone-en"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-smartphone-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}