Details of VAR-201704-0491

ID

VAR-201704-0491

CVE

CVE-2016-8756

TITLE

Huawei Mate 8 Smartphone software ION Service operation interruption in memory management module (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-008231

DESCRIPTION

ION memory management module in Huawei Mate 8 phones with software NXT-AL10C00B197 and earlier versions, NXT-DL10C00B197 and earlier versions, NXT-TL10C00B197 and earlier versions, NXT-CL10C00B197 and earlier versions allows attackers to cause a denial of service (restart). HuaweiMate8 is a smartphone from China Huawei. There are local denial of service vulnerabilities in more than 8 versions of huaweimate. A local attacker could exploit the vulnerability to restart the device, resulting in a denial of service. Huawei Mate 8 is prone to a local denial-of-service vulnerability. The following versions are vulnerable: Mate 8 NXT-AL10C00B197 and prior versions are affected. Mate 8 NXT-DL10C00B197 and prior versions are affected. Mate 8 NXT-TL10C00B197 and prior versions are affected. Mate 8 NXT-CL10C00B197 and prior versions are affected. Huawei Mate 8 is a smartphone product of China's Huawei (Huawei). Attackers can exploit this vulnerability by enticing users to install malicious applications to send specific parameters to the phone, causing the system to restart

Trust: 2.52

sources: NVD: CVE-2016-8756 // JVNDB: JVNDB-2016-008231 // CNVD: CNVD-2016-10621 // BID: 93935 // VULHUB: VHN-97576

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-10621

AFFECTED PRODUCTS

vendor:	huawei	model:	mate 8	scope:	eq	version:	nxt-tl10c00b197	Trust: 1.6
vendor:	huawei	model:	mate 8	scope:	eq	version:	nxt-cl10c00b197	Trust: 1.6
vendor:	huawei	model:	mate 8	scope:	eq	version:	nxt-al10c00b197	Trust: 1.6
vendor:	huawei	model:	mate 8	scope:	eq	version:	nxt-dl10c00b197	Trust: 1.6
vendor:	huawei	model:	mate nxt-cl00c92b182	scope:	eq	version:	8	Trust: 0.9
vendor:	huawei	model:	mate nxt-dl00c17b182	scope:	eq	version:	8	Trust: 0.9
vendor:	huawei	model:	mate nxt-tl00c01b182	scope:	eq	version:	8	Trust: 0.9
vendor:	huawei	model:	mate nxt-tl10c00b197	scope:	eq	version:	8	Trust: 0.9
vendor:	huawei	model:	mate nxt-tl00c01b197	scope:	eq	version:	8	Trust: 0.9
vendor:	huawei	model:	mate nxt-dl10c00b197	scope:	eq	version:	8	Trust: 0.9
vendor:	huawei	model:	mate nxt-dl00c17b197	scope:	eq	version:	8	Trust: 0.9
vendor:	huawei	model:	mate nxt-cl10c00b197	scope:	eq	version:	8	Trust: 0.9
vendor:	huawei	model:	mate nxt-cl00c92b197	scope:	eq	version:	8	Trust: 0.9
vendor:	huawei	model:	mate nxt-al10c00b197	scope:	eq	version:	8	Trust: 0.9
vendor:	huawei	model:	mate nxt-al10c00b182	scope:	eq	version:	8	Trust: 0.9
vendor:	huawei	model:	mate 8	scope:	lte	version:	nxt-al10c00b197	Trust: 0.8
vendor:	huawei	model:	mate 8	scope:	lte	version:	nxt-cl10c00b197	Trust: 0.8
vendor:	huawei	model:	mate 8	scope:	lte	version:	nxt-dl10c00b197	Trust: 0.8
vendor:	huawei	model:	mate 8	scope:	lte	version:	nxt-tl10c00b197	Trust: 0.8
vendor:	huawei	model:	mate nxt-tl10c00b301	scope:	ne	version:	8	Trust: 0.3
vendor:	huawei	model:	mate nxt-dl10c00b301	scope:	ne	version:	8	Trust: 0.3
vendor:	huawei	model:	mate nxt-cl10c00b301	scope:	ne	version:	8	Trust: 0.3
vendor:	huawei	model:	mate nxt-al10c00b301	scope:	ne	version:	8	Trust: 0.3

sources: CNVD: CNVD-2016-10621 // BID: 93935 // JVNDB: JVNDB-2016-008231 // CNNVD: CNNVD-201610-823 // NVD: CVE-2016-8756

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-8756
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-8756
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2016-10621
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201610-823
value:	HIGH
Trust: 0.6
VULHUB:	VHN-97576
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-8756
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-10621
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-97576
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-8756
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-10621 // VULHUB: VHN-97576 // JVNDB: JVNDB-2016-008231 // CNNVD: CNNVD-201610-823 // NVD: CVE-2016-8756

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-97576 // JVNDB: JVNDB-2016-008231 // NVD: CVE-2016-8756

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201610-823

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201610-823

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-008231

PATCH

title:	huawei-sa-20161026-01-smartphone	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-smartphone-en	Trust: 0.8
title:	HuaweiMate8 Local Denial of Service Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/83540	Trust: 0.6
title:	Huawei Mate 8 Remediation measures for denial of service vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65153	Trust: 0.6

sources: CNVD: CNVD-2016-10621 // JVNDB: JVNDB-2016-008231 // CNNVD: CNNVD-201610-823

EXTERNAL IDS

db:	NVD	id:	CVE-2016-8756	Trust: 3.4
db:	BID	id:	93935	Trust: 2.6
db:	JVNDB	id:	JVNDB-2016-008231	Trust: 0.8
db:	CNNVD	id:	CNNVD-201610-823	Trust: 0.7
db:	CNVD	id:	CNVD-2016-10621	Trust: 0.6
db:	VULHUB	id:	VHN-97576	Trust: 0.1

sources: CNVD: CNVD-2016-10621 // VULHUB: VHN-97576 // BID: 93935 // JVNDB: JVNDB-2016-008231 // CNNVD: CNNVD-201610-823 // NVD: CVE-2016-8756

REFERENCES

url:	http://www.securityfocus.com/bid/93935	Trust: 2.3
url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-smartphone-en	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8756	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8756	Trust: 0.8
url:	http://www.huawei.com	Trust: 0.3

sources: CNVD: CNVD-2016-10621 // VULHUB: VHN-97576 // BID: 93935 // JVNDB: JVNDB-2016-008231 // CNNVD: CNNVD-201610-823 // NVD: CVE-2016-8756

CREDITS

Hang Zhang, Dongdong She and Zhiyun Qian from University of California, Riverside.

Trust: 0.9

sources: BID: 93935 // CNNVD: CNNVD-201610-823

SOURCES

db:	CNVD	id:	CNVD-2016-10621
db:	VULHUB	id:	VHN-97576
db:	BID	id:	93935
db:	JVNDB	id:	JVNDB-2016-008231
db:	CNNVD	id:	CNNVD-201610-823
db:	NVD	id:	CVE-2016-8756

LAST UPDATE DATE

2024-11-23T22:52:31.596000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-10621	date:	2016-11-04T00:00:00
db:	VULHUB	id:	VHN-97576	date:	2017-04-07T00:00:00
db:	BID	id:	93935	date:	2016-11-24T01:04:00
db:	JVNDB	id:	JVNDB-2016-008231	date:	2017-05-08T00:00:00
db:	CNNVD	id:	CNNVD-201610-823	date:	2016-10-28T00:00:00
db:	NVD	id:	CVE-2016-8756	date:	2024-11-21T03:00:00.110

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-10621	date:	2016-11-04T00:00:00
db:	VULHUB	id:	VHN-97576	date:	2017-04-02T00:00:00
db:	BID	id:	93935	date:	2016-10-26T00:00:00
db:	JVNDB	id:	JVNDB-2016-008231	date:	2017-05-08T00:00:00
db:	CNNVD	id:	CNNVD-201610-823	date:	2016-10-28T00:00:00
db:	NVD	id:	CVE-2016-8756	date:	2017-04-02T20:59:01.093