- Description
- Huawei smart phones Mate 10 and Mate 10 Pro with earlier versions than 8.0.0.129(SP2C00) and earlier versions than 8.0.0.129(SP2C01) have an authentication bypass vulnerability. An attacker with high privilege obtains the smart phone and bypass the activation function by some specific operations.
- Source
- psirt@huawei.com
- NVD status
- Modified
CVSS 3.0
- Type
- Primary
- Base score
- 6.2
- Impact score
- 5.9
- Exploitability score
- 0.3
- Vector string
- CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
- nvd@nist.gov
- CWE-287
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_9_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6A231B89-FC4F-4C27-BDDF-B860F0E980F5",
"versionEndExcluding": "8.0.0.129\\(sp2c00\\)"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_9:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "93FB7D8B-A819-4CBB-85D1-D3984D963351"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_9_pro_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3A91FF57-86C6-44D7-BAD5-576D7DEFE737",
"versionEndExcluding": "8.0.0.129\\(sp2c01\\)"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_9_pro:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "E4CC4AF8-2F6D-41FC-9697-17472AF32FC6"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]