Sign-up

ID

VAR-201704-1026


CVE

CVE-2016-8793


TITLE

plural Huawei Vulnerability that crashes the system on smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2016-008210

DESCRIPTION

Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege. Huawei Mate 8 , Mate S ,and P8 Smartphones contain a vulnerability that can crash the system.An attacker with graphic or camera privileges could crash the system or elevate privileges. HuaweiMate8, MateS, and P8 are Huawei smartphones. A number of Huawei phones have security vulnerabilities that lack parameter checking. The premise of the exploit is that the attacker gains Graphic or Camera privileges and entice the user to install a malicious application that can use the application to send specific parameters to the phone, resulting in a system reboot or user privilege escalation. Multiple Huawei Smart Phones are prone to multiple local denial-of-service vulnerabilities. Attackers can exploit these issuee to crash the application, resulting in a denial-of-service condition. The Huawei Mate 8 and others are smartphones from the Chinese company Huawei. The following devices are affected: Huawei Mate 8, Mate S, P8

Trust: 2.52

sources: NVD: CVE-2016-8793 // JVNDB: JVNDB-2016-008210 // CNVD: CNVD-2016-11304 // BID: 94404 // VULHUB: VHN-97613

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-11304

AFFECTED PRODUCTS

vendor:huaweimodel:mate 8scope:eqversion: -

Trust: 1.6

vendor:huaweimodel:mate sscope:eqversion: -

Trust: 1.6

vendor:huaweimodel:p8scope:eqversion: -

Trust: 1.6

vendor:huaweimodel:mate 8scope:ltversion:nxt-al10c00b386

Trust: 0.8

vendor:huaweimodel:mate 8scope:ltversion:nxt-cl00c92b386

Trust: 0.8

vendor:huaweimodel:mate 8scope:ltversion:nxt-dl00c17b386

Trust: 0.8

vendor:huaweimodel:mate 8scope:ltversion:nxt-tl00c01b386

Trust: 0.8

vendor:huaweimodel:mate sscope:ltversion:crr-cl00c92b368

Trust: 0.8

vendor:huaweimodel:mate sscope:ltversion:crr-cl20c92b368

Trust: 0.8

vendor:huaweimodel:mate sscope:ltversion:crr-tl00c01b368

Trust: 0.8

vendor:huaweimodel:mate sscope:ltversion:crr-ul00c00b368

Trust: 0.8

vendor:huaweimodel:mate sscope:ltversion:crr-ul20c00b368

Trust: 0.8

vendor:huaweimodel:p8scope:ltversion:gra-cl00c92b366

Trust: 0.8

vendor:huaweimodel:p8scope:ltversion:gra-cl10c92b366

Trust: 0.8

vendor:huaweimodel:p8scope:ltversion:gra-tl00c01b366

Trust: 0.8

vendor:huaweimodel:p8scope:ltversion:gra-ul00c00b366

Trust: 0.8

vendor:huaweimodel:p8scope:ltversion:gra-ul10c00b366

Trust: 0.8

vendor:huaweimodel:p8 <gra-tl00c01b366scope: - version: -

Trust: 0.6

vendor:huaweimodel:p8 <gra-ul00c00b366scope: - version: -

Trust: 0.6

vendor:huaweimodel:p8 <gra-ul10c00b366scope: - version: -

Trust: 0.6

vendor:huaweimodel:p8 <gra-cl00c92b366scope: - version: -

Trust: 0.6

vendor:huaweimodel:mate <nxt-al10c00b386scope:eqversion:8

Trust: 0.6

vendor:huaweimodel:mate <nxt-cl00c92b386scope:eqversion:8

Trust: 0.6

vendor:huaweimodel:mate <nxt-dl00c17b386scope:eqversion:8

Trust: 0.6

vendor:huaweimodel:mate <nxt-tl00c01b386scope:eqversion:8

Trust: 0.6

vendor:huaweimodel:mate s <crr-cl00c92b368scope: - version: -

Trust: 0.6

vendor:huaweimodel:mate s <crr-cl20c92b368scope: - version: -

Trust: 0.6

vendor:huaweimodel:mate s <crr-tl00c01b368scope: - version: -

Trust: 0.6

vendor:huaweimodel:mate s <crr-ul00c00b368scope: - version: -

Trust: 0.6

vendor:huaweimodel:mate s <crr-ul20c00b368scope: - version: -

Trust: 0.6

vendor:huaweimodel:p8 <gra-cl10c92b366scope: - version: -

Trust: 0.6

vendor:huaweimodel:p8scope:eqversion:0

Trust: 0.3

vendor:huaweimodel:matesscope:eqversion:0

Trust: 0.3

vendor:huaweimodel:matescope:eqversion:80

Trust: 0.3

vendor:huaweimodel:p8 gra-ul10c00b366scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 gra-ul00c00b366scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 gra-tl00c01b366scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 gra-cl10c92b366scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 gra-cl00c92b366scope:neversion: -

Trust: 0.3

vendor:huaweimodel:mates crr-ul20c00b368scope:neversion: -

Trust: 0.3

vendor:huaweimodel:mates crr-ul00c00b368scope:neversion: -

Trust: 0.3

vendor:huaweimodel:mates crr-tl00c01b368scope:neversion: -

Trust: 0.3

vendor:huaweimodel:mates crr-cl20c92b368scope:neversion: -

Trust: 0.3

vendor:huaweimodel:mates crr-cl00c92b368scope:neversion: -

Trust: 0.3

vendor:huaweimodel:mate nxt-tl00c01b386scope:neversion:8

Trust: 0.3

vendor:huaweimodel:mate nxt-dl00c17b386scope:neversion:8

Trust: 0.3

vendor:huaweimodel:mate nxt-cl00c92b386scope:neversion:8

Trust: 0.3

vendor:huaweimodel:mate nxt-al10c00b386scope:neversion:8

Trust: 0.3

sources: CNVD: CNVD-2016-11304 // BID: 94404 // JVNDB: JVNDB-2016-008210 // CNNVD: CNNVD-201611-469 // NVD: CVE-2016-8793

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-8793
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-8793
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-11304
value: LOW

Trust: 0.6

CNNVD: CNNVD-201611-469
value: MEDIUM

Trust: 0.6

VULHUB: VHN-97613
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-8793
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-11304
severity: LOW
baseScore: 1.2
vectorString: AV:L/AC:H/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 1.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-97613
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-8793
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-11304 // VULHUB: VHN-97613 // JVNDB: JVNDB-2016-008210 // CNNVD: CNNVD-201611-469 // NVD: CVE-2016-8793

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.9

sources: VULHUB: VHN-97613 // JVNDB: JVNDB-2016-008210 // NVD: CVE-2016-8793

THREAT TYPE

local

Trust: 0.9

sources: BID: 94404 // CNNVD: CNNVD-201611-469

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201611-469

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-008210

PATCH
title:huawei-sa-20161116-01-smartphoneurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-smartphone-en
Trust: 0.8
title:Patches for multiple Huawei mobile phone privilege escalation vulnerabilities (CNVD-2016-11304)url:https://www.cnvd.org.cn/patchInfo/show/84109
Trust: 0.6
title:Multiple Huawei Fixes for mobile local denial of service vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65807
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-11304 // 
            
            
            
            JVNDB: JVNDB-2016-008210 // 
            
            
            
            CNNVD: CNNVD-201611-469

EXTERNAL IDS
db:NVDid:CVE-2016-8793
Trust: 3.4
db:BIDid:94404
Trust: 2.6
db:JVNDBid:JVNDB-2016-008210
Trust: 0.8
db:CNNVDid:CNNVD-201611-469
Trust: 0.7
db:CNVDid:CNVD-2016-11304
Trust: 0.6
db:VULHUBid:VHN-97613
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-11304 // 
            
            
            
            VULHUB: VHN-97613 // 
            
            
            
            BID: 94404 // 
            
            
            
            JVNDB: JVNDB-2016-008210 // 
            
            
            
            CNNVD: CNNVD-201611-469 // 
            
            
            
            NVD: CVE-2016-8793

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-smartphone-en
Trust: 2.0
url:http://www.securityfocus.com/bid/94404
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8793
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-8793
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2016/huawei-sa-20161116-01-smartphone-cn
Trust: 0.6
url:http://www.huawei.com
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2016-11304 // 
            
            
            
            VULHUB: VHN-97613 // 
            
            
            
            BID: 94404 // 
            
            
            
            JVNDB: JVNDB-2016-008210 // 
            
            
            
            CNNVD: CNNVD-201611-469 // 
            
            
            
            NVD: CVE-2016-8793

CREDITS
Yang Chengming, Yang Chao, You Ning, Xiao Peng and Song Yang.
Trust: 0.9
sources:
            
            
            BID: 94404 // 
            
            
            
            CNNVD: CNNVD-201611-469

SOURCES
db:CNVDid:CNVD-2016-11304
db:VULHUBid:VHN-97613
db:BIDid:94404
db:JVNDBid:JVNDB-2016-008210
db:CNNVDid:CNNVD-201611-469
db:NVDid:CVE-2016-8793

LAST UPDATE DATE
2024-11-23T22:22:34.032000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-11304date:2016-11-18T00:00:00
db:VULHUBid:VHN-97613date:2017-04-05T00:00:00
db:BIDid:94404date:2016-11-24T01:12:00
db:JVNDBid:JVNDB-2016-008210date:2017-05-02T00:00:00
db:CNNVDid:CNNVD-201611-469date:2016-11-23T00:00:00
db:NVDid:CVE-2016-8793date:2024-11-21T03:00:05.303

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-11304date:2016-11-18T00:00:00
db:VULHUBid:VHN-97613date:2017-04-02T00:00:00
db:BIDid:94404date:2016-11-18T00:00:00
db:JVNDBid:JVNDB-2016-008210date:2017-05-02T00:00:00
db:CNNVDid:CNNVD-201611-469date:2016-11-23T00:00:00
db:NVDid:CVE-2016-8793date:2017-04-02T20:59:01.737