Sign-up

ID

VAR-201704-1027


CVE

CVE-2016-8794


TITLE

plural Huawei Vulnerability that crashes the system on smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2016-008226

DESCRIPTION

Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege. Huawei Mate 8 , Mate S ,and P8 Smartphones have vulnerabilities that can cause system crashes or elevated privileges.An attacker with graphic or camera privileges could crash the system or elevate privileges. HuaweiMate8, MateS, and P8 are Huawei smartphones. A number of Huawei phones have security vulnerabilities that lack parameter checking. The premise of the exploit is that the attacker gains Graphic or Camera privileges and entice the user to install a malicious application that can use the application to send specific parameters to the phone, resulting in a system reboot or user privilege escalation. Multiple Huawei Smart Phones are prone to multiple local denial-of-service vulnerabilities. Attackers can exploit these issuee to crash the application, resulting in a denial-of-service condition. The Huawei Mate 8 and others are smartphones from the Chinese company Huawei. The following devices are affected: Huawei Mate 8, Mate S, P8

Trust: 2.61

sources: NVD: CVE-2016-8794 // JVNDB: JVNDB-2016-008226 // CNVD: CNVD-2016-11303 // BID: 94404 // VULHUB: VHN-97614 // VULMON: CVE-2016-8794

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-11303

AFFECTED PRODUCTS

vendor:huaweimodel:mate 8scope:eqversion: -

Trust: 1.6

vendor:huaweimodel:mate sscope:eqversion: -

Trust: 1.6

vendor:huaweimodel:p8scope:eqversion: -

Trust: 1.6

vendor:huaweimodel:mate 8scope:ltversion:nxt-al10c00b386

Trust: 0.8

vendor:huaweimodel:mate 8scope:ltversion:nxt-cl00c92b386

Trust: 0.8

vendor:huaweimodel:mate 8scope:ltversion:nxt-dl00c17b386

Trust: 0.8

vendor:huaweimodel:mate 8scope:ltversion:nxt-tl00c01b386

Trust: 0.8

vendor:huaweimodel:mate sscope:ltversion:crr-cl00c92b368

Trust: 0.8

vendor:huaweimodel:mate sscope:ltversion:crr-cl20c92b368

Trust: 0.8

vendor:huaweimodel:mate sscope:ltversion:crr-tl00c01b368

Trust: 0.8

vendor:huaweimodel:mate sscope:ltversion:crr-ul00c00b368

Trust: 0.8

vendor:huaweimodel:mate sscope:ltversion:crr-ul20c00b368

Trust: 0.8

vendor:huaweimodel:p8scope:ltversion:gra-cl00c92b366

Trust: 0.8

vendor:huaweimodel:p8scope:ltversion:gra-cl10c92b366

Trust: 0.8

vendor:huaweimodel:p8scope:ltversion:gra-tl00c01b366

Trust: 0.8

vendor:huaweimodel:p8scope:ltversion:gra-ul00c00b366

Trust: 0.8

vendor:huaweimodel:p8scope:ltversion:gra-ul10c00b366

Trust: 0.8

vendor:huaweimodel:p8 <gra-tl00c01b366scope: - version: -

Trust: 0.6

vendor:huaweimodel:p8 <gra-ul00c00b366scope: - version: -

Trust: 0.6

vendor:huaweimodel:p8 <gra-ul10c00b366scope: - version: -

Trust: 0.6

vendor:huaweimodel:p8 <gra-cl00c92b366scope: - version: -

Trust: 0.6

vendor:huaweimodel:mate <nxt-al10c00b386scope:eqversion:8

Trust: 0.6

vendor:huaweimodel:mate <nxt-cl00c92b386scope:eqversion:8

Trust: 0.6

vendor:huaweimodel:mate <nxt-dl00c17b386scope:eqversion:8

Trust: 0.6

vendor:huaweimodel:mate <nxt-tl00c01b386scope:eqversion:8

Trust: 0.6

vendor:huaweimodel:mate s <crr-cl00c92b368scope: - version: -

Trust: 0.6

vendor:huaweimodel:mate s <crr-cl20c92b368scope: - version: -

Trust: 0.6

vendor:huaweimodel:mate s <crr-tl00c01b368scope: - version: -

Trust: 0.6

vendor:huaweimodel:mate s <crr-ul00c00b368scope: - version: -

Trust: 0.6

vendor:huaweimodel:mate s <crr-ul20c00b368scope: - version: -

Trust: 0.6

vendor:huaweimodel:p8 <gra-cl10c92b366scope: - version: -

Trust: 0.6

vendor:huaweimodel:p8scope:eqversion:0

Trust: 0.3

vendor:huaweimodel:matesscope:eqversion:0

Trust: 0.3

vendor:huaweimodel:matescope:eqversion:80

Trust: 0.3

vendor:huaweimodel:p8 gra-ul10c00b366scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 gra-ul00c00b366scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 gra-tl00c01b366scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 gra-cl10c92b366scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 gra-cl00c92b366scope:neversion: -

Trust: 0.3

vendor:huaweimodel:mates crr-ul20c00b368scope:neversion: -

Trust: 0.3

vendor:huaweimodel:mates crr-ul00c00b368scope:neversion: -

Trust: 0.3

vendor:huaweimodel:mates crr-tl00c01b368scope:neversion: -

Trust: 0.3

vendor:huaweimodel:mates crr-cl20c92b368scope:neversion: -

Trust: 0.3

vendor:huaweimodel:mates crr-cl00c92b368scope:neversion: -

Trust: 0.3

vendor:huaweimodel:mate nxt-tl00c01b386scope:neversion:8

Trust: 0.3

vendor:huaweimodel:mate nxt-dl00c17b386scope:neversion:8

Trust: 0.3

vendor:huaweimodel:mate nxt-cl00c92b386scope:neversion:8

Trust: 0.3

vendor:huaweimodel:mate nxt-al10c00b386scope:neversion:8

Trust: 0.3

sources: CNVD: CNVD-2016-11303 // BID: 94404 // JVNDB: JVNDB-2016-008226 // CNNVD: CNNVD-201611-470 // NVD: CVE-2016-8794

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-8794
value: HIGH

Trust: 1.0

NVD: CVE-2016-8794
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-11303
value: LOW

Trust: 0.6

CNNVD: CNNVD-201611-470
value: MEDIUM

Trust: 0.6

VULHUB: VHN-97614
value: MEDIUM

Trust: 0.1

VULMON: CVE-2016-8794
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-8794
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2016-11303
severity: LOW
baseScore: 1.2
vectorString: AV:L/AC:H/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 1.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-97614
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-8794
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-11303 // VULHUB: VHN-97614 // VULMON: CVE-2016-8794 // JVNDB: JVNDB-2016-008226 // CNNVD: CNNVD-201611-470 // NVD: CVE-2016-8794

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.9

sources: VULHUB: VHN-97614 // JVNDB: JVNDB-2016-008226 // NVD: CVE-2016-8794

THREAT TYPE

local

Trust: 0.9

sources: BID: 94404 // CNNVD: CNNVD-201611-470

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201611-470

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-008226

PATCH
title:huawei-sa-20161116-01-smartphoneurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-smartphone-en
Trust: 0.8
title:Patches for privilege escalation vulnerabilities (CNVD-2016-11303) for multiple Huawei phonesurl:https://www.cnvd.org.cn/patchInfo/show/84108
Trust: 0.6
title:Multiple Huawei Fixes for mobile local denial of service vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65808
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-11303 // 
            
            
            
            JVNDB: JVNDB-2016-008226 // 
            
            
            
            CNNVD: CNNVD-201611-470

EXTERNAL IDS
db:NVDid:CVE-2016-8794
Trust: 3.5
db:BIDid:94404
Trust: 2.7
db:JVNDBid:JVNDB-2016-008226
Trust: 0.8
db:CNNVDid:CNNVD-201611-470
Trust: 0.7
db:CNVDid:CNVD-2016-11303
Trust: 0.6
db:VULHUBid:VHN-97614
Trust: 0.1
db:VULMONid:CVE-2016-8794
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-11303 // 
            
            
            
            VULHUB: VHN-97614 // 
            
            
            
            VULMON: CVE-2016-8794 // 
            
            
            
            BID: 94404 // 
            
            
            
            JVNDB: JVNDB-2016-008226 // 
            
            
            
            CNNVD: CNNVD-201611-470 // 
            
            
            
            NVD: CVE-2016-8794

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-smartphone-en
Trust: 2.1
url:http://www.securityfocus.com/bid/94404
Trust: 1.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8794
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-8794
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2016/huawei-sa-20161116-01-smartphone-cn
Trust: 0.6
url:http://www.huawei.com
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/284.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-11303 // 
            
            
            
            VULHUB: VHN-97614 // 
            
            
            
            VULMON: CVE-2016-8794 // 
            
            
            
            BID: 94404 // 
            
            
            
            JVNDB: JVNDB-2016-008226 // 
            
            
            
            CNNVD: CNNVD-201611-470 // 
            
            
            
            NVD: CVE-2016-8794

CREDITS
Yang Chengming, Yang Chao, You Ning, Xiao Peng and Song Yang.
Trust: 0.9
sources:
            
            
            BID: 94404 // 
            
            
            
            CNNVD: CNNVD-201611-470

SOURCES
db:CNVDid:CNVD-2016-11303
db:VULHUBid:VHN-97614
db:VULMONid:CVE-2016-8794
db:BIDid:94404
db:JVNDBid:JVNDB-2016-008226
db:CNNVDid:CNNVD-201611-470
db:NVDid:CVE-2016-8794

LAST UPDATE DATE
2024-11-23T22:22:34.141000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-11303date:2016-11-18T00:00:00
db:VULHUBid:VHN-97614date:2017-04-05T00:00:00
db:VULMONid:CVE-2016-8794date:2017-04-05T00:00:00
db:BIDid:94404date:2016-11-24T01:12:00
db:JVNDBid:JVNDB-2016-008226date:2017-05-02T00:00:00
db:CNNVDid:CNNVD-201611-470date:2016-11-23T00:00:00
db:NVDid:CVE-2016-8794date:2024-11-21T03:00:05.420

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-11303date:2016-11-18T00:00:00
db:VULHUBid:VHN-97614date:2017-04-02T00:00:00
db:VULMONid:CVE-2016-8794date:2017-04-02T00:00:00
db:BIDid:94404date:2016-11-18T00:00:00
db:JVNDBid:JVNDB-2016-008226date:2017-05-02T00:00:00
db:CNNVDid:CNNVD-201611-470date:2016-11-23T00:00:00
db:NVDid:CVE-2016-8794date:2017-04-02T20:59:01.767