Overview
- Description
- Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an information disclosure vulnerability. The device does not sufficiently validate the output of device in certain specific scenario, the attacker can gain information in the victim's smartphone to launch the attack, successful exploit could cause information disclosure.
- Source
- psirt@huawei.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 4.6
- Impact score
- 3.6
- Exploitability score
- 0.9
- Vector string
- CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 2.1
- Impact score
- 2.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-20
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:taurus-an00b:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "1C0D6A4F-1F1E-4D1B-AE4E-23CD6FBCF28E"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:taurus-an00b_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FF4FE269-34CC-4AA8-BB57-8D4C288978E5",
"versionEndExcluding": "10.1.0.156"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]