HUAWEI Mate 10 / Mate 10 Pro – CVE-2018-7940 – Authentication Bypass

Authors: Harry Sintonen
Risk: High
CVE: CVE-2018-7940
0day: Authentication Bypass
0day-id: 0DAY-176156
Date: 2018-05-09

Description

The HUAWEI Mate 10 and HUAWEI Mate 10 Pro phones have an authentication bypass vulnerability. An attacker with high privilege who obtains the smartphone can bypass the activation function through some specific operations. (Vulnerability ID: HWPSIRT-2018-03001)

This vulnerability has been assigned Common Vulnerability and Exposure (CVE) ID: CVE-2018-7940.

Software Versions and Fixes

Product Name       | Affected Version                        | Resolved Product and Version
HUAWEI Mate 10     | Versions earlier than 8.0.0.129(SP2C00) | ALP-AL00B 8.0.0.129(SP2C00)
HUAWEI Mate 10 Pro | Versions earlier than 8.0.0.129(SP2C01) | BLA-TL00B 8.0.0.129(SP2C01)

Impact

Successful exploitation may bypass the activation function.

Vulnerability Scoring Details

The vulnerability classification has been performed by using the CVSSv3 scoring system (http://www.first.org/cvss/specification-document).

Base Score: 3.9 (AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N)

Temporal Score: 3.6 (E:F/RL:O/RC:C)

Technical Details

This vulnerability can be exploited only when the following conditions are present:

1. The attacker obtains a user’s smart phone.

Vulnerability details:

There is an authentication bypass vulnerability in some Huawei smartphones. An attacker with high privilege who obtains the smartphone can bypass the activation function through some specific operations.

Obtaining Fixed Software

Products that support automatic updates will receive a system update prompt. Install the update to fix the vulnerability.
