CVE-2018-7992 - OpenCVE

Mdapt Driver of Huawei MediaPad M3 BTV-W09C128B353CUSTC128D001; Mate 9 Pro versions earlier than 8.0.0.356(C00); P10 Plus versions earlier than 8.0.0.357(C00) has a buffer overflow vulnerability. The driver does not sufficiently validate the input, an attacker could trick the user to install a malicious application which would send crafted parameters to the driver. Successful exploit could cause a denial of service condition.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Huawei	P10 Plus Mediapad M3 Firmware Mate 9 Pro Firmware Mate 9 Firmware Mediapad M3 Mate 9 Pro Mate 9 P10 Plus Firmware

Configuration 1 [-]

AND

cpe:2.3:o:huawei:mediapad_m3_firmware:btv-w09c128b353custc128d001:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mediapad_m3:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:huawei:mate_9_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_9_pro:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:huawei:p10_plus_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p10_plus:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:huawei:mate_9_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_9:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180725-01-dos-en	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: huawei

Published: 2018-07-31T14:00:00

Updated: 2018-07-31T13:57:01

Reserved: 2018-03-09T00:00:00

Link: CVE-2018-7992

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-07-31T14:29:01.090

Modified: 2018-10-04T21:43:43.547

Link: CVE-2018-7992

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "MediaPad M3; Mate 9 Pro; P10 Plus", "vendor": "Huawei Technologies Co., Ltd.", "versions": [{"status": "affected", "version": "MediaPad M3 BTV-W09C128B353CUSTC128D001"}, {"status": "affected", "version": "Mate 9 Pro versions earlier than 8.0.0.356(C00)"}, {"status": "affected", "version": "P10 Plus versions earlier than 8.0.0.357(C00)"}]}], "datePublic": "2018-07-25T00:00:00", "descriptions": [{"lang": "en", "value": "Mdapt Driver of Huawei MediaPad M3 BTV-W09C128B353CUSTC128D001; Mate 9 Pro versions earlier than 8.0.0.356(C00); P10 Plus versions earlier than 8.0.0.357(C00) has a buffer overflow vulnerability. The driver does not sufficiently validate the input, an attacker could trick the user to install a malicious application which would send crafted parameters to the driver. Successful exploit could cause a denial of service condition."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-07-31T13:57:01", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180725-01-dos-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2018-7992", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "MediaPad M3; Mate 9 Pro; P10 Plus", "version": {"version_data": [{"version_value": "MediaPad M3 BTV-W09C128B353CUSTC128D001"}, {"version_value": "Mate 9 Pro versions earlier than 8.0.0.356(C00)"}, {"version_value": "P10 Plus versions earlier than 8.0.0.357(C00)"}]}}]}, "vendor_name": "Huawei Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Mdapt Driver of Huawei MediaPad M3 BTV-W09C128B353CUSTC128D001; Mate 9 Pro versions earlier than 8.0.0.356(C00); P10 Plus versions earlier than 8.0.0.357(C00) has a buffer overflow vulnerability. The driver does not sufficiently validate the input, an attacker could trick the user to install a malicious application which would send crafted parameters to the driver. Successful exploit could cause a denial of service condition."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180725-01-dos-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180725-01-dos-en"}]}}}}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2018-7992", "datePublished": "2018-07-31T14:00:00", "dateReserved": "2018-03-09T00:00:00", "dateUpdated": "2018-07-31T13:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mediapad_m3_firmware:btv-w09c128b353custc128d001:*:*:*:*:*:*:*", "matchCriteriaId": "CEA2997A-3D4F-4F2A-9FC4-F1199B42B691", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mediapad_m3:-:*:*:*:*:*:*:*", "matchCriteriaId": "FC9591DC-BA54-4C2B-8625-BD1938E43DBF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mate_9_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6DFBA3E-A530-4C55-B127-25FDB1D2F2C4", "versionEndExcluding": "8.0.0.356\\(c00\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_9_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "E4CC4AF8-2F6D-41FC-9697-17472AF32FC6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p10_plus_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "74C109D1-A80C-4051-978D-E915FEFE858B", "versionEndExcluding": "8.0.0.357\\(c00\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p10_plus:-:*:*:*:*:*:*:*", "matchCriteriaId": "FAD5BC83-41ED-4260-8883-4CA5898A4FAD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mate_9_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE86894C-5954-4A3C-B3DE-52E13E346AF8", "versionEndExcluding": "8.0.0.356\\(c00\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_9:-:*:*:*:*:*:*:*", "matchCriteriaId": "93FB7D8B-A819-4CBB-85D1-D3984D963351", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Mdapt Driver of Huawei MediaPad M3 BTV-W09C128B353CUSTC128D001; Mate 9 Pro versions earlier than 8.0.0.356(C00); P10 Plus versions earlier than 8.0.0.357(C00) has a buffer overflow vulnerability. The driver does not sufficiently validate the input, an attacker could trick the user to install a malicious application which would send crafted parameters to the driver. Successful exploit could cause a denial of service condition."}, {"lang": "es", "value": "El controlador Mdapt de Huawei MediaPad M3 BTV-W09C128B353CUSTC128D001; Mate 9 Pro en versiones anteriores a la 8.0.0.356(C00) y P10 Plus en versiones anteriores a la 8.0.0.357(C00) tiene una vulnerabilidad de desbordamiento de b\u00fafer. El controlador no valida la entrada suficientemente, por lo que un atacante podr\u00eda enga\u00f1ar al usuario para que instale una aplicaci\u00f3n maliciosa que enviar\u00eda par\u00e1metros manipulados al controlador. Su explotaci\u00f3n con \u00e9xito podr\u00eda provocar una condici\u00f3n de denegaci\u00f3n de servicio (DoS)."}], "id": "CVE-2018-7992", "lastModified": "2018-10-04T21:43:43.547", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-31T14:29:01.090", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180725-01-dos-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}