CVE-2018-7907 Information

Description

Some Huawei products Agassi-L09 AGS-L09C100B257CUSTC100D001 AGS-L09C170B253CUSTC170D001 AGS-L09C199B251CUSTC199D001 AGS-L09C229B003CUSTC229D001 Agassi-W09 AGS-W09C100B257CUSTC100D001 AGS-W09C128B252CUSTC128D001 AGS-W09C170B252CUSTC170D001 AGS-W09C229B251CUSTC229D001 AGS-W09C331B003CUSTC331D001 AGS-W09C794B001CUSTC794D001 Baggio2-U01A BG2-U01C100B160CUSTC100D001 BG2-U01C170B160CUSTC170D001 BG2-U01C199B162CUSTC199D001 BG2-U01C209B160CUSTC209D001 BG2-U01C333B160CUSTC333D001 Bond-AL00C Bond-AL00CC00B201 Bond-AL10B Bond-AL10BC00B201 Bond-TL10B Bond-TL10BC01B201 Bond-TL10C Bond-TL10CC01B131 Haydn-L1JB HDN-L1JC137B068 Kobe-L09A KOB-L09C100B252CUSTC100D001 KOB-L09C209B002CUSTC209D001 KOB-L09C362B001CUSTC362D001 Kobe-L09AHN KOB-L09C233B226 Kobe-W09C KOB-W09C128B251CUSTC128D001 LelandP-L22C 8.0.0.101(C675CUSTC675D2) LelandP-L22D 8.0.0.101(C675CUSTC675D2) Rhone-AL00 Rhone-AL00C00B186 Selina-L02 Selina-L02C432B153 Stanford-L09S Stanford-L09SC432B183 Toronto-AL00 Toronto-AL00C00B223 Toronto-AL00A Toronto-AL00AC00B223 Toronto-TL10 Toronto-TL10C01B223 have a sensitive information leak vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Due to insufficient verification of the input successful exploitation can cause sensitive information leak.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Reference

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180919-02-smartphone-en

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

5.5