CVE-2018-7901

EPSS 0.08%
Veröffentlicht 30.04.2018 14:29:00
Zuletzt bearbeitet 21.11.2024 04:12:56
Quelle psirt@huawei.com
Teams Watchlist Login
Unerledigt Login

RCS module in Huawei ALP-AL00B smart phones with software versions earlier than 8.0.0.129, BLA-AL00B smart phones with software versions earlier than 8.0.0.129 has a remote control vulnerability. An attacker can trick a user to install a malicious application. When the application connects with RCS for the first time, it needs user to manually click to agree. In addition, the attacker needs to obtain the key that RCS uses to authenticate the application. Successful exploitation may cause the attacker to control keyboard remotely.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Huawei ≫ Alp-al00b Firmware Version < 8.0.0.129

Huawei ≫ Alp-al00b Version-

Huawei ≫ Bla-al00b Firmware Version < 8.0.0.129

Huawei ≫ Bla-al00b Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.208

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.4	1.8	2.5	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:N/I:P/A:P

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180425-01-rcs-en

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-7901

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-7901

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-7901

EUVD