Sign-up

ID

VAR-201704-1025


CVE

CVE-2016-8792


TITLE

plural Huawei Vulnerability that crashes the system on smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2016-008225

DESCRIPTION

Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege. Huawei Mate 8 , Mate S ,and P8 Smartphones have vulnerabilities that can cause system crashes or elevated privileges.An attacker with graphic or camera privileges could crash the system or elevate privileges. HuaweiMate8, MateS, and P8 are Huawei smartphones. A number of Huawei phones have security vulnerabilities that lack parameter checking. The premise of the exploit is that the attacker gains Graphic or Camera privileges and entice the user to install a malicious application that can use the application to send specific parameters to the phone, resulting in a system reboot or user privilege escalation. Multiple Huawei Smart Phones are prone to multiple local denial-of-service vulnerabilities. Attackers can exploit these issuee to crash the application, resulting in a denial-of-service condition. The Huawei Mate 8 and others are smartphones from the Chinese company Huawei. The following devices are affected: Huawei Mate 8, Mate S, P8

Trust: 2.52

sources: NVD: CVE-2016-8792 // JVNDB: JVNDB-2016-008225 // CNVD: CNVD-2016-11305 // BID: 94404 // VULHUB: VHN-97612

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-11305

AFFECTED PRODUCTS

vendor:huaweimodel:mate 8scope:eqversion: -

Trust: 1.6

vendor:huaweimodel:mate sscope:eqversion: -

Trust: 1.6

vendor:huaweimodel:p8scope:eqversion: -

Trust: 1.6

vendor:huaweimodel:mate 8scope:ltversion:nxt-al10c00b386

Trust: 0.8

vendor:huaweimodel:mate 8scope:ltversion:nxt-cl00c92b386

Trust: 0.8

vendor:huaweimodel:mate 8scope:ltversion:nxt-dl00c17b386

Trust: 0.8

vendor:huaweimodel:mate 8scope:ltversion:nxt-tl00c01b386

Trust: 0.8

vendor:huaweimodel:mate sscope:ltversion:crr-cl00c92b368

Trust: 0.8

vendor:huaweimodel:mate sscope:ltversion:crr-cl20c92b368

Trust: 0.8

vendor:huaweimodel:mate sscope:ltversion:crr-tl00c01b368

Trust: 0.8

vendor:huaweimodel:mate sscope:ltversion:crr-ul00c00b368

Trust: 0.8

vendor:huaweimodel:mate sscope:ltversion:crr-ul20c00b368

Trust: 0.8

vendor:huaweimodel:p8scope:ltversion:gra-cl00c92b366

Trust: 0.8

vendor:huaweimodel:p8scope:ltversion:gra-cl10c92b366

Trust: 0.8

vendor:huaweimodel:p8scope:ltversion:gra-tl00c01b366

Trust: 0.8

vendor:huaweimodel:p8scope:ltversion:gra-ul00c00b366

Trust: 0.8

vendor:huaweimodel:p8scope:ltversion:gra-ul10c00b366

Trust: 0.8

vendor:huaweimodel:p8 <gra-tl00c01b366scope: - version: -

Trust: 0.6

vendor:huaweimodel:p8 <gra-ul00c00b366scope: - version: -

Trust: 0.6

vendor:huaweimodel:p8 <gra-ul10c00b366scope: - version: -

Trust: 0.6

vendor:huaweimodel:p8 <gra-cl00c92b366scope: - version: -

Trust: 0.6

vendor:huaweimodel:mate <nxt-al10c00b386scope:eqversion:8

Trust: 0.6

vendor:huaweimodel:mate <nxt-cl00c92b386scope:eqversion:8

Trust: 0.6

vendor:huaweimodel:mate <nxt-dl00c17b386scope:eqversion:8

Trust: 0.6

vendor:huaweimodel:mate <nxt-tl00c01b386scope:eqversion:8

Trust: 0.6

vendor:huaweimodel:mate s <crr-cl00c92b368scope: - version: -

Trust: 0.6

vendor:huaweimodel:mate s <crr-cl20c92b368scope: - version: -

Trust: 0.6

vendor:huaweimodel:mate s <crr-tl00c01b368scope: - version: -

Trust: 0.6

vendor:huaweimodel:mate s <crr-ul00c00b368scope: - version: -

Trust: 0.6

vendor:huaweimodel:mate s <crr-ul20c00b368scope: - version: -

Trust: 0.6

vendor:huaweimodel:p8 <gra-cl10c92b366scope: - version: -

Trust: 0.6

vendor:huaweimodel:p8scope:eqversion:0

Trust: 0.3

vendor:huaweimodel:matesscope:eqversion:0

Trust: 0.3

vendor:huaweimodel:matescope:eqversion:80

Trust: 0.3

vendor:huaweimodel:p8 gra-ul10c00b366scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 gra-ul00c00b366scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 gra-tl00c01b366scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 gra-cl10c92b366scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 gra-cl00c92b366scope:neversion: -

Trust: 0.3

vendor:huaweimodel:mates crr-ul20c00b368scope:neversion: -

Trust: 0.3

vendor:huaweimodel:mates crr-ul00c00b368scope:neversion: -

Trust: 0.3

vendor:huaweimodel:mates crr-tl00c01b368scope:neversion: -

Trust: 0.3

vendor:huaweimodel:mates crr-cl20c92b368scope:neversion: -

Trust: 0.3

vendor:huaweimodel:mates crr-cl00c92b368scope:neversion: -

Trust: 0.3

vendor:huaweimodel:mate nxt-tl00c01b386scope:neversion:8

Trust: 0.3

vendor:huaweimodel:mate nxt-dl00c17b386scope:neversion:8

Trust: 0.3

vendor:huaweimodel:mate nxt-cl00c92b386scope:neversion:8

Trust: 0.3

vendor:huaweimodel:mate nxt-al10c00b386scope:neversion:8

Trust: 0.3

sources: CNVD: CNVD-2016-11305 // BID: 94404 // JVNDB: JVNDB-2016-008225 // CNNVD: CNNVD-201611-468 // NVD: CVE-2016-8792

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-8792
value: HIGH

Trust: 1.0

NVD: CVE-2016-8792
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-11305
value: LOW

Trust: 0.6

CNNVD: CNNVD-201611-468
value: MEDIUM

Trust: 0.6

VULHUB: VHN-97612
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-8792
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-11305
severity: LOW
baseScore: 1.2
vectorString: AV:L/AC:H/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 1.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-97612
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-8792
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-11305 // VULHUB: VHN-97612 // JVNDB: JVNDB-2016-008225 // CNNVD: CNNVD-201611-468 // NVD: CVE-2016-8792

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.9

sources: VULHUB: VHN-97612 // JVNDB: JVNDB-2016-008225 // NVD: CVE-2016-8792

THREAT TYPE

local

Trust: 0.9

sources: BID: 94404 // CNNVD: CNNVD-201611-468

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201611-468

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-008225

PATCH
title:huawei-sa-20161116-01-smartphoneurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-smartphone-en
Trust: 0.8
title:Patches for multiple Huawei mobile phone privilege escalation vulnerabilities (CNVD-2016-11305)url:https://www.cnvd.org.cn/patchInfo/show/84110
Trust: 0.6
title:Multiple Huawei Fixes for mobile local denial of service vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65806
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-11305 // 
            
            
            
            JVNDB: JVNDB-2016-008225 // 
            
            
            
            CNNVD: CNNVD-201611-468

EXTERNAL IDS
db:NVDid:CVE-2016-8792
Trust: 3.4
db:BIDid:94404
Trust: 2.6
db:JVNDBid:JVNDB-2016-008225
Trust: 0.8
db:CNNVDid:CNNVD-201611-468
Trust: 0.7
db:CNVDid:CNVD-2016-11305
Trust: 0.6
db:VULHUBid:VHN-97612
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-11305 // 
            
            
            
            VULHUB: VHN-97612 // 
            
            
            
            BID: 94404 // 
            
            
            
            JVNDB: JVNDB-2016-008225 // 
            
            
            
            CNNVD: CNNVD-201611-468 // 
            
            
            
            NVD: CVE-2016-8792

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-smartphone-en
Trust: 2.0
url:http://www.securityfocus.com/bid/94404
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8792
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-8792
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2016/huawei-sa-20161116-01-smartphone-cn
Trust: 0.6
url:http://www.huawei.com
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2016-11305 // 
            
            
            
            VULHUB: VHN-97612 // 
            
            
            
            BID: 94404 // 
            
            
            
            JVNDB: JVNDB-2016-008225 // 
            
            
            
            CNNVD: CNNVD-201611-468 // 
            
            
            
            NVD: CVE-2016-8792

CREDITS
Yang Chengming, Yang Chao, You Ning, Xiao Peng and Song Yang.
Trust: 0.9
sources:
            
            
            BID: 94404 // 
            
            
            
            CNNVD: CNNVD-201611-468

SOURCES
db:CNVDid:CNVD-2016-11305
db:VULHUBid:VHN-97612
db:BIDid:94404
db:JVNDBid:JVNDB-2016-008225
db:CNNVDid:CNNVD-201611-468
db:NVDid:CVE-2016-8792

LAST UPDATE DATE
2024-11-23T22:22:34.104000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-11305date:2016-11-18T00:00:00
db:VULHUBid:VHN-97612date:2017-04-05T00:00:00
db:BIDid:94404date:2016-11-24T01:12:00
db:JVNDBid:JVNDB-2016-008225date:2017-05-02T00:00:00
db:CNNVDid:CNNVD-201611-468date:2016-11-23T00:00:00
db:NVDid:CVE-2016-8792date:2024-11-21T03:00:05.183

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-11305date:2016-11-18T00:00:00
db:VULHUBid:VHN-97612date:2017-04-02T00:00:00
db:BIDid:94404date:2016-11-18T00:00:00
db:JVNDBid:JVNDB-2016-008225date:2017-05-02T00:00:00
db:CNNVDid:CNNVD-201611-468date:2016-11-23T00:00:00
db:NVDid:CVE-2016-8792date:2017-04-02T20:59:01.703