PT-2017-15520 · Huawei · Honor 6
Publicado
2017-11-22
·
Atualizado
2017-12-11
·
CVE-2017-2733
CVSS v3.1
5.5
Média
| Vetor | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Honor 6X smartphones with software versions earlier than BLN-AL10C00B357
Honor 6X smartphones with software versions earlier than BLN-AL20C00B357
Description
The issue is caused by improper file permission configuration, leading to an information leak. An attacker can trick a user into installing a malicious application, which can then access files containing the cipher text of the SIM card PIN.
Recommendations
For versions earlier than BLN-AL10C00B357, update to a version BLN-AL10C00B357 or later.
For versions earlier than BLN-AL20C00B357, update to a version BLN-AL20C00B357 or later.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Honor 6