PT-2018-18350 · Huawei · Huawei Smartphone
Published
2018-07-31
·
Updated
2019-10-03
·
CVE-2018-7957
CVSS v3.1
3.3
Low
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Huawei smartphones with software Victoria-AL00 version 8.0.0.336a(C00)
Description:
The issue is related to an information leakage problem. It occurs because an interface does not correctly verify authorization, allowing attackers to exploit an application that has phone state authorization to obtain additional user information, specifically the user's location.
Recommendations:
For Huawei smartphones with software Victoria-AL00 version 8.0.0.336a(C00), consider restricting access to the phone state authorization until a fix is available. As a temporary workaround, review and limit applications with phone state access to minimize the risk of exploitation.
Fix
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Huawei Smartphone