Details of VAR-201711-0218

ID

VAR-201711-0218

CVE

CVE-2017-2702

TITLE

Mate 9 Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2017-010792

DESCRIPTION

Phone Finder in versions earlier before MHA-AL00C00B170 can be bypass. An attacker can bypass the Phone Finder by special steps and obtain the owner of the phone. Mate 9 Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiMate9 is a smartphone from China's Huawei (huawei) company. PhoneFinder is one of the security mechanisms. It is mainly used to ensure that the phone will not be flashed or restored after the phone is lost or stolen

Trust: 2.25

sources: NVD: CVE-2017-2702 // JVNDB: JVNDB-2017-010792 // CNVD: CNVD-2017-04234 // VULHUB: VHN-110905

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-04234

AFFECTED PRODUCTS

vendor:	huawei	model:	mate 9	scope:	lt	version:	mha-al00c00b170	Trust: 1.0
vendor:	huawei	model:	mate 9	scope:	lte	version:	mha-al00c00b170	Trust: 0.8
vendor:	huawei	model:	mate <mha-al00c00b170	scope:	eq	version:	9	Trust: 0.6

sources: CNVD: CNVD-2017-04234 // JVNDB: JVNDB-2017-010792 // NVD: CVE-2017-2702

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-2702
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-2702
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-04234
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201703-1012
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-110905
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-2702
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-04234
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-110905
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-2702
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-04234 // VULHUB: VHN-110905 // JVNDB: JVNDB-2017-010792 // CNNVD: CNNVD-201703-1012 // NVD: CVE-2017-2702

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-110905 // JVNDB: JVNDB-2017-010792 // NVD: CVE-2017-2702

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201703-1012

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201703-1012

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010792

PATCH

title:	huawei-sa-20170322-01-smartphone	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-smartphone-en	Trust: 0.8
title:	HuaweiMate9PhoneFinder bypasses security vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/91644	Trust: 0.6
title:	Huawei Mate 9 Phone Finder Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68721	Trust: 0.6

sources: CNVD: CNVD-2017-04234 // JVNDB: JVNDB-2017-010792 // CNNVD: CNNVD-201703-1012

EXTERNAL IDS

db:	NVD	id:	CVE-2017-2702	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-010792	Trust: 0.8
db:	CNNVD	id:	CNNVD-201703-1012	Trust: 0.7
db:	CNVD	id:	CNVD-2017-04234	Trust: 0.6
db:	VULHUB	id:	VHN-110905	Trust: 0.1

sources: CNVD: CNVD-2017-04234 // VULHUB: VHN-110905 // JVNDB: JVNDB-2017-010792 // CNNVD: CNNVD-201703-1012 // NVD: CVE-2017-2702

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-smartphone-en	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2702	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2702	Trust: 0.8
url:	http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170322-01-smartphone-cn	Trust: 0.6

sources: CNVD: CNVD-2017-04234 // VULHUB: VHN-110905 // JVNDB: JVNDB-2017-010792 // CNNVD: CNNVD-201703-1012 // NVD: CVE-2017-2702

SOURCES

db:	CNVD	id:	CNVD-2017-04234
db:	VULHUB	id:	VHN-110905
db:	JVNDB	id:	JVNDB-2017-010792
db:	CNNVD	id:	CNNVD-201703-1012
db:	NVD	id:	CVE-2017-2702

LAST UPDATE DATE

2024-11-23T23:05:17.662000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-04234	date:	2017-04-11T00:00:00
db:	VULHUB	id:	VHN-110905	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-010792	date:	2017-12-25T00:00:00
db:	CNNVD	id:	CNNVD-201703-1012	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-2702	date:	2024-11-21T03:24:00.823

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-04234	date:	2017-04-11T00:00:00
db:	VULHUB	id:	VHN-110905	date:	2017-11-22T00:00:00
db:	JVNDB	id:	JVNDB-2017-010792	date:	2017-12-25T00:00:00
db:	CNNVD	id:	CNNVD-201703-1012	date:	2017-03-23T00:00:00
db:	NVD	id:	CVE-2017-2702	date:	2017-11-22T19:29:00.663