Details of VAR-201704-0500

ID

VAR-201704-0500

CVE

CVE-2016-8768

TITLE

plural Huawei In smartphone software PXN Vulnerability that disables the defense mechanism

Trust: 0.8

sources: JVNDB: JVNDB-2016-008264

DESCRIPTION

Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions earlier than 6.9.16 could allow attackers to disable the PXN defense mechanism by invoking related drive code to crash the system or escalate privilege. HuaweiHonor is a smartphone product of China Huawei. Huawei mobile phone has a PXN protection mechanism failure security vulnerability. Due to the security vulnerabilities of PXN (Privileged Execute-Never) protection mechanism in the driver code of Huawei mobile phones, the attacker can induce users to install malicious applications. The application can close the PXN protection mechanism by calling the relevant driver code, resulting in rejection. Service attack. Multiple Huawei Products are prone to a local privilege-escalation. An attacker can exploit this issue to gain elevated privileges or crash the system resulting in a denial-of-service condition. Note: This issue was previously titled 'Multiple Huawei Products CVE-2016-8768 Local Denial of Service Vulnerability'. The title and technical details have been changed to better reflect the underlying component affected

Trust: 2.52

sources: NVD: CVE-2016-8768 // JVNDB: JVNDB-2016-008264 // CNVD: CNVD-2016-10430 // BID: 93885 // VULHUB: VHN-97588

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-10430

AFFECTED PRODUCTS

vendor:	huawei	model:	honor 7	scope:	eq	version:	-	Trust: 1.6
vendor:	huawei	model:	honor 6	scope:	eq	version:	-	Trust: 1.6
vendor:	huawei	model:	honor 6 plus	scope:	eq	version:	-	Trust: 1.6
vendor:	huawei	model:	honor 6 plus	scope:	lt	version:	6.9.16	Trust: 0.8
vendor:	huawei	model:	honor 6	scope:	lt	version:	6.9.16	Trust: 0.8
vendor:	huawei	model:	honor 7	scope:	lt	version:	6.9.16	Trust: 0.8
vendor:	huawei	model:	glory	scope:	eq	version:	6<6.9.16	Trust: 0.6
vendor:	huawei	model:	glory plus	scope:	eq	version:	6<6.9.16	Trust: 0.6
vendor:	huawei	model:	glory	scope:	eq	version:	7<6.9.16	Trust: 0.6
vendor:	huawei	model:	honor	scope:	eq	version:	76.9	Trust: 0.3
vendor:	huawei	model:	honor plus	scope:	eq	version:	66.9	Trust: 0.3
vendor:	huawei	model:	honor	scope:	eq	version:	66.9	Trust: 0.3
vendor:	huawei	model:	honor	scope:	ne	version:	76.9.16	Trust: 0.3
vendor:	huawei	model:	honor plus	scope:	ne	version:	66.9.16	Trust: 0.3
vendor:	huawei	model:	honor	scope:	ne	version:	66.9.16	Trust: 0.3

sources: CNVD: CNVD-2016-10430 // BID: 93885 // JVNDB: JVNDB-2016-008264 // CNNVD: CNNVD-201610-763 // NVD: CVE-2016-8768

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-8768
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-8768
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2016-10430
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201610-763
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-97588
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-8768
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-10430
severity:	LOW
baseScore:	1.2
vectorString:	AV:L/AC:H/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	1.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-97588
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-8768
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-10430 // VULHUB: VHN-97588 // JVNDB: JVNDB-2016-008264 // CNNVD: CNNVD-201610-763 // NVD: CVE-2016-8768

PROBLEMTYPE DATA

problemtype:

CWE-254

Trust: 1.9

sources: VULHUB: VHN-97588 // JVNDB: JVNDB-2016-008264 // NVD: CVE-2016-8768

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201610-763

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201610-763

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-008264

PATCH

title:	huawei-sa-20161026-01-pxn	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-pxn-en	Trust: 0.8
title:	Huawei mobile phone has a patch for PXN protection mechanism failure security vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/83312	Trust: 0.6
title:	Huawei Honor6 , Honor6P and Honor7 Remediation measures for denial of service vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65117	Trust: 0.6

sources: CNVD: CNVD-2016-10430 // JVNDB: JVNDB-2016-008264 // CNNVD: CNNVD-201610-763

EXTERNAL IDS

db:	NVD	id:	CVE-2016-8768	Trust: 3.4
db:	BID	id:	93885	Trust: 2.6
db:	JVNDB	id:	JVNDB-2016-008264	Trust: 0.8
db:	CNNVD	id:	CNNVD-201610-763	Trust: 0.7
db:	CNVD	id:	CNVD-2016-10430	Trust: 0.6
db:	VULHUB	id:	VHN-97588	Trust: 0.1

sources: CNVD: CNVD-2016-10430 // VULHUB: VHN-97588 // BID: 93885 // JVNDB: JVNDB-2016-008264 // CNNVD: CNNVD-201610-763 // NVD: CVE-2016-8768

REFERENCES

url:	http://www.securityfocus.com/bid/93885	Trust: 2.3
url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-pxn-en	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8768	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8768	Trust: 0.8
url:	http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20161026-01-pxn-cn	Trust: 0.6
url:	http://www.huawei.com	Trust: 0.3

sources: CNVD: CNVD-2016-10430 // VULHUB: VHN-97588 // BID: 93885 // JVNDB: JVNDB-2016-008264 // CNNVD: CNNVD-201610-763 // NVD: CVE-2016-8768

CREDITS

Zhao Jianqiang, Chen Gengjia, Wang Qize, Zhu Bin and Pan Yu.

Trust: 0.9

sources: BID: 93885 // CNNVD: CNNVD-201610-763

SOURCES

db:	CNVD	id:	CNVD-2016-10430
db:	VULHUB	id:	VHN-97588
db:	BID	id:	93885
db:	JVNDB	id:	JVNDB-2016-008264
db:	CNNVD	id:	CNNVD-201610-763
db:	NVD	id:	CVE-2016-8768

LAST UPDATE DATE

2024-11-23T22:07:28.545000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-10430	date:	2016-11-01T00:00:00
db:	VULHUB	id:	VHN-97588	date:	2017-04-11T00:00:00
db:	BID	id:	93885	date:	2016-12-20T03:02:00
db:	JVNDB	id:	JVNDB-2016-008264	date:	2017-05-09T00:00:00
db:	CNNVD	id:	CNNVD-201610-763	date:	2016-10-27T00:00:00
db:	NVD	id:	CVE-2016-8768	date:	2024-11-21T03:00:01.270

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-10430	date:	2016-11-01T00:00:00
db:	VULHUB	id:	VHN-97588	date:	2017-04-02T00:00:00
db:	BID	id:	93885	date:	2016-10-26T00:00:00
db:	JVNDB	id:	JVNDB-2016-008264	date:	2017-05-09T00:00:00
db:	CNNVD	id:	CNNVD-201610-763	date:	2016-10-27T00:00:00
db:	NVD	id:	CVE-2016-8768	date:	2017-04-02T20:59:01.360