Sign-up

ID

VAR-201710-0155


CVE

CVE-2015-4422


TITLE

Huawei Mate 7 Smartphone buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-008042

DESCRIPTION

The TEEOS module in Huawei Mate 7 (Mate7-TL10) smartphones before V100R001CHNC00B126SP03 allows local users with root permissions to gain privileges or cause a denial of service (memory corruption) via a crafted application. Huawei Mate 7 (Mate7-TL10) Smartphones contain a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei Mate 7 is a smartphone developed by Huawei in China. A security vulnerability exists on the Huawei Mate 7 TEEOS module, allowing local attackers to exploit the vulnerability to increase privileges. Huawei Mate 7 Smartphone is prone to multiple local privilege escalation vulnerabilities. TEEOS module is one of the TEEOS modules. Attackers can use this vulnerability to cause denial of service (TEEOS crash) or implant and execute malicious code in TEEOS by obtaining the root privilege of the Android system and passing an abnormal address to TEEOS

Trust: 2.52

sources: NVD: CVE-2015-4422 // JVNDB: JVNDB-2015-008042 // CNVD: CNVD-2015-03418 // BID: 74742 // VULHUB: VHN-82383

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-03418

AFFECTED PRODUCTS

vendor:huaweimodel:mate 7scope:lteversion:v100r001chnc00b123sp03

Trust: 1.0

vendor:huaweimodel:mate 7scope:ltversion:v100r001chnc00b126sp03

Trust: 0.8

vendor:huaweimodel:mate smartphonescope:eqversion:7

Trust: 0.6

vendor:huaweimodel:mate 7scope:eqversion:v100r001chnc00b123sp03

Trust: 0.6

sources: CNVD: CNVD-2015-03418 // JVNDB: JVNDB-2015-008042 // CNNVD: CNNVD-201710-681 // NVD: CVE-2015-4422

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4422
value: HIGH

Trust: 1.0

NVD: CVE-2015-4422
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-03418
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201710-681
value: HIGH

Trust: 0.6

VULHUB: VHN-82383
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-4422
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-03418
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-82383
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-4422
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2015-03418 // VULHUB: VHN-82383 // JVNDB: JVNDB-2015-008042 // CNNVD: CNNVD-201710-681 // NVD: CVE-2015-4422

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-82383 // JVNDB: JVNDB-2015-008042 // NVD: CVE-2015-4422

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-681

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201710-681

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-008042

PATCH
title:Huawei-SA-20150520-01-MATE7url:http://www.huawei.com/en/psirt/security-advisories/hw-432799
Trust: 0.8
title:Huawei Mate 7 Local Privilege Escalation Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/59003
Trust: 0.6
title:Huawei Mate 7 Mobile phone TEEOS Fixes for module permissions licensing and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75692
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-03418 // 
            
            
            
            JVNDB: JVNDB-2015-008042 // 
            
            
            
            CNNVD: CNNVD-201710-681

EXTERNAL IDS
db:NVDid:CVE-2015-4422
Trust: 3.4
db:BIDid:74742
Trust: 2.6
db:JVNDBid:JVNDB-2015-008042
Trust: 0.8
db:CNNVDid:CNNVD-201710-681
Trust: 0.7
db:CNVDid:CNVD-2015-03418
Trust: 0.6
db:VULHUBid:VHN-82383
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-03418 // 
            
            
            
            VULHUB: VHN-82383 // 
            
            
            
            BID: 74742 // 
            
            
            
            JVNDB: JVNDB-2015-008042 // 
            
            
            
            CNNVD: CNNVD-201710-681 // 
            
            
            
            NVD: CVE-2015-4422

REFERENCES
url:http://www.securityfocus.com/bid/74742
Trust: 2.3
url:http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-432799.htm
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4422
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2015-4422
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2015-03418 // 
            
            
            
            VULHUB: VHN-82383 // 
            
            
            
            JVNDB: JVNDB-2015-008042 // 
            
            
            
            CNNVD: CNNVD-201710-681 // 
            
            
            
            NVD: CVE-2015-4422

CREDITS
Di Shen of Qihoo 360 Technology
Trust: 0.3
sources:
            
            
            BID: 74742

SOURCES
db:CNVDid:CNVD-2015-03418
db:VULHUBid:VHN-82383
db:BIDid:74742
db:JVNDBid:JVNDB-2015-008042
db:CNNVDid:CNNVD-201710-681
db:NVDid:CVE-2015-4422

LAST UPDATE DATE
2024-11-23T22:00:52.313000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-03418date:2015-05-28T00:00:00
db:VULHUBid:VHN-82383date:2017-11-08T00:00:00
db:BIDid:74742date:2015-11-03T19:04:00
db:JVNDBid:JVNDB-2015-008042date:2017-11-15T00:00:00
db:CNNVDid:CNNVD-201710-681date:2017-10-26T00:00:00
db:NVDid:CVE-2015-4422date:2024-11-21T02:31:02.187

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-03418date:2015-05-28T00:00:00
db:VULHUBid:VHN-82383date:2017-10-19T00:00:00
db:BIDid:74742date:2015-05-20T00:00:00
db:JVNDBid:JVNDB-2015-008042date:2017-11-15T00:00:00
db:CNNVDid:CNNVD-201710-681date:2017-10-26T00:00:00
db:NVDid:CVE-2015-4422date:2017-10-19T21:29:00.377