CVE-2018-7990 - OpenCVE

Mate10 Pro Huawei smart phones with the versions before 8.1.0.326(C00) have a FRP bypass vulnerability. During the mobile phone reseting process, an attacker could bypass "Find My Phone" protect after a series of voice and keyboard operations. Successful exploit could allow an attacker to bypass FRP.

No CVSS v3.1

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Complete

Availability Impact None

AV:L/AC:L/Au:N/C:N/I:C/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Huawei	Mate 10 Pro Mate 10 Pro Firmware

Configuration 1 [-]

AND

cpe:2.3:o:huawei:mate_10_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_10_pro:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180831-01-smartphone-en	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: huawei

Published: 2018-09-04T16:00:00

Updated: 2018-09-04T15:57:01

Reserved: 2018-03-09T00:00:00

Link: CVE-2018-7990

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-09-04T16:29:01.003

Modified: 2019-10-03T00:03:26.223

Link: CVE-2018-7990

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "Mate10 Pro", "vendor": "Huawei Technologies Co., Ltd.", "versions": [{"status": "affected", "version": "The versions before 8.1.0.326(C00)"}]}], "datePublic": "2018-08-31T00:00:00", "descriptions": [{"lang": "en", "value": "Mate10 Pro Huawei smart phones with the versions before 8.1.0.326(C00) have a FRP bypass vulnerability. During the mobile phone reseting process, an attacker could bypass \"Find My Phone\" protect after a series of voice and keyboard operations. Successful exploit could allow an attacker to bypass FRP."}], "problemTypes": [{"descriptions": [{"description": "FRP bypass", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-09-04T15:57:01", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180831-01-smartphone-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2018-7990", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Mate10 Pro", "version": {"version_data": [{"version_value": "The versions before 8.1.0.326(C00)"}]}}]}, "vendor_name": "Huawei Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Mate10 Pro Huawei smart phones with the versions before 8.1.0.326(C00) have a FRP bypass vulnerability. During the mobile phone reseting process, an attacker could bypass \"Find My Phone\" protect after a series of voice and keyboard operations. Successful exploit could allow an attacker to bypass FRP."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "FRP bypass"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180831-01-smartphone-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180831-01-smartphone-en"}]}}}}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2018-7990", "datePublished": "2018-09-04T16:00:00", "dateReserved": "2018-03-09T00:00:00", "dateUpdated": "2018-09-04T15:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mate_10_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B1D1C9F-4A2B-4394-8BDB-B52687EDB3CE", "versionEndExcluding": "8.1.0.326\\(c00\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_10_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "5FC0AD4F-0368-4F29-ACCF-B948B8C6BE05", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Mate10 Pro Huawei smart phones with the versions before 8.1.0.326(C00) have a FRP bypass vulnerability. During the mobile phone reseting process, an attacker could bypass \"Find My Phone\" protect after a series of voice and keyboard operations. Successful exploit could allow an attacker to bypass FRP."}, {"lang": "es", "value": "Los smartphones Huawei Mate10 Pro en versiones anteriores a la 8.1.0.326(C00) tienen una vulnerabilidad de omisi\u00f3n de Factory Reset Protection (FRP). Durante el proceso de reinicio del tel\u00e9fono m\u00f3vil, un atacante podr\u00eda omitir la protecci\u00f3n \"Find My Phone\" tras una serie de operaciones de voz y teclado. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante omita FRP."}], "id": "CVE-2018-7990", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-09-04T16:29:01.003", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180831-01-smartphone-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}