Sign-up

ID

VAR-201709-0053


CVE

CVE-2015-8224


TITLE

Huawei P8 Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2017-30096 // CNNVD: CNNVD-201709-961

DESCRIPTION

Huawei P8 before GRA-CL00C92B210, before GRA-L09C432B200, before GRA-TL00C01B210, and before GRA-UL00C00B210 allows remote attackers to obtain user equipment (aka UE) measurements of signal strengths. Huawei P8 Contains an information disclosure vulnerability.Information may be obtained. HuaweiP8 is a smartphone product from China's Huawei company. The vulnerability stems from the P8 mobile phone failing to judge its own security status when sending specific signaling to the base station. The attacker can use the pseudo base station to construct a specific scenario to exploit the vulnerability to obtain signaling (including the userequipment (UE) wireless signal strength measurement value) before the P8 completes the security activation. The following versions are affected: Huawei versions prior to GRA-CL00C92B210, versions prior to GRA-L09C432B200, versions prior to GRA-TL00C01B210, versions prior to GRA-UL00C00B210

Trust: 2.25

sources: NVD: CVE-2015-8224 // JVNDB: JVNDB-2015-007908 // CNVD: CNVD-2017-30096 // VULHUB: VHN-86185

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-30096

AFFECTED PRODUCTS

vendor:huaweimodel:p8scope:eqversion: -

Trust: 1.6

vendor:huaweimodel:p8scope:ltversion:gra-cl00c92b210

Trust: 0.8

vendor:huaweimodel:p8scope:ltversion:gra-l09c432b200

Trust: 0.8

vendor:huaweimodel:p8scope:ltversion:gra-tl00c01b210

Trust: 0.8

vendor:huaweimodel:p8scope:ltversion:gra-ul00c00b210

Trust: 0.8

vendor:huaweimodel:p8scope: - version: -

Trust: 0.6

vendor:huaweimodel:p8 <=gra-cl00c92b210scope: - version: -

Trust: 0.6

vendor:huaweimodel:p8 <=gra-l09c432b200scope: - version: -

Trust: 0.6

vendor:huaweimodel:p8 <=gra-tl00c01b210scope: - version: -

Trust: 0.6

vendor:huaweimodel:p8 <=gra-ul00c00b210scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-30096 // JVNDB: JVNDB-2015-007908 // CNNVD: CNNVD-201709-961 // NVD: CVE-2015-8224

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-8224
value: LOW

Trust: 1.0

NVD: CVE-2015-8224
value: LOW

Trust: 0.8

CNVD: CNVD-2017-30096
value: LOW

Trust: 0.6

CNNVD: CNNVD-201709-961
value: MEDIUM

Trust: 0.6

VULHUB: VHN-86185
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-8224
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-30096
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-86185
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-8224
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-30096 // VULHUB: VHN-86185 // JVNDB: JVNDB-2015-007908 // CNNVD: CNNVD-201709-961 // NVD: CVE-2015-8224

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-86185 // JVNDB: JVNDB-2015-007908 // NVD: CVE-2015-8224

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-961

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201709-961

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-007908

PATCH
title:Huawei-SA-20151029-01-UEurl:http://www.huawei.com/en/psirt/security-advisories/hw-459832
Trust: 0.8
title:HuaweiP8 information disclosure vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/103638
Trust: 0.6
title:Huawei P8 Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75013
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-30096 // 
            
            
            
            JVNDB: JVNDB-2015-007908 // 
            
            
            
            CNNVD: CNNVD-201709-961

EXTERNAL IDS
db:NVDid:CVE-2015-8224
Trust: 3.1
db:JVNDBid:JVNDB-2015-007908
Trust: 0.8
db:CNNVDid:CNNVD-201709-961
Trust: 0.7
db:CNVDid:CNVD-2017-30096
Trust: 0.6
db:VULHUBid:VHN-86185
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-30096 // 
            
            
            
            VULHUB: VHN-86185 // 
            
            
            
            JVNDB: JVNDB-2015-007908 // 
            
            
            
            CNNVD: CNNVD-201709-961 // 
            
            
            
            NVD: CVE-2015-8224

REFERENCES
url:http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-459832.htm
Trust: 2.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8224
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2015-8224
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2017-30096 // 
            
            
            
            VULHUB: VHN-86185 // 
            
            
            
            JVNDB: JVNDB-2015-007908 // 
            
            
            
            CNNVD: CNNVD-201709-961 // 
            
            
            
            NVD: CVE-2015-8224

SOURCES
db:CNVDid:CNVD-2017-30096
db:VULHUBid:VHN-86185
db:JVNDBid:JVNDB-2015-007908
db:CNNVDid:CNNVD-201709-961
db:NVDid:CVE-2015-8224

LAST UPDATE DATE
2024-11-23T21:53:48.561000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-30096date:2017-10-16T00:00:00
db:VULHUBid:VHN-86185date:2017-09-23T00:00:00
db:JVNDBid:JVNDB-2015-007908date:2017-10-11T00:00:00
db:CNNVDid:CNNVD-201709-961date:2017-09-21T00:00:00
db:NVDid:CVE-2015-8224date:2024-11-21T02:38:07.337

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-30096date:2017-10-16T00:00:00
db:VULHUBid:VHN-86185date:2017-09-20T00:00:00
db:JVNDBid:JVNDB-2015-007908date:2017-10-11T00:00:00
db:CNNVDid:CNNVD-201709-961date:2017-09-21T00:00:00
db:NVDid:CVE-2015-8224date:2017-09-20T16:29:00.787