PT-2018-18350 · Huawei · Huawei Smartphone
Publicado
2018-07-31
·
Atualizado
2019-10-03
·
CVE-2018-7957
CVSS v3.1
3.3
Baixa
| Vetor | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Huawei smartphones with software Victoria-AL00 version 8.0.0.336a(C00)
Description:
The issue is related to an information leakage problem. It occurs because an interface does not correctly verify authorization, allowing attackers to exploit an application that has phone state authorization to obtain additional user information, specifically the user's location.
Recommendations:
For Huawei smartphones with software Victoria-AL00 version 8.0.0.336a(C00), consider restricting access to the phone state authorization until a fix is available. As a temporary workaround, review and limit applications with phone state access to minimize the risk of exploitation.
Correção
Incorrect Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Huawei Smartphone