CVE-2018-7956

EUVD-2018-19668
Huawei VIP App is a mobile app for Malaysia customers that purchased P20 Series, Nova 3/3i and Mate 20. There is a vulnerability in versions before 4.0.5 that attackers can conduct bruteforce to the VIP App Web Services to get user information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
Affected Products (NVD)
VendorProductVersion
huaweivip_app
𝑥
< 4.0.5
huaweimate_20_firmware
-
huaweinova_3i_firmware
-
huaweinova_3_firmware
-
𝑥
= Vulnerable software versions
References
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181129-01-huaweivip-en
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181129-01-huaweivip-en