ID

VAR-201711-0222


CVE

CVE-2017-2706


TITLE

Mate 9 Smartphone software path traversal vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-010751

DESCRIPTION

Mate 9 smartphones with software MHA-AL00AC00B125 have a directory traversal vulnerability in the Push module. Because the system does not verify file names during decompression, system directories can be traversed. An attacker could exploit this to replace files and impact the service. The Mate 9 smartphone software contains a path traversal vulnerability. Information may be tampered with and service operation may be disrupted (DoS). Huawei Mate 9 is a smartphone from China's Huawei company. The Push module is one of the message push modules

Trust: 2.25

sources: NVD: CVE-2017-2706 // JVNDB: JVNDB-2017-010751 // CNVD: CNVD-2017-21241 // VULHUB: VHN-110909

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-21241

AFFECTED PRODUCTS

vendor: huawei, model: mate 9, scope: eq, version: mha-al00ac00b125

Trust: 1.4

vendor: huawei, model: mate 9, scope: lte, version: mha-al00ac00b125

Trust: 1.0

vendor: huawei, model: mate mha-al00ac00b125, scope: eq, version: 9

Trust: 0.6

sources: CNVD: CNVD-2017-21241 // JVNDB: JVNDB-2017-010751 // CNNVD: CNNVD-201707-655 // NVD: CVE-2017-2706

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2706
value: HIGH

Trust: 1.0

NVD: CVE-2017-2706
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-21241
value: LOW

Trust: 0.6

CNNVD: CNNVD-201707-655
value: MEDIUM

Trust: 0.6

VULHUB: VHN-110909
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-2706
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-21241
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-110909
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2706
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-21241 // VULHUB: VHN-110909 // JVNDB: JVNDB-2017-010751 // CNNVD: CNNVD-201707-655 // NVD: CVE-2017-2706

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.9

sources: VULHUB: VHN-110909 // JVNDB: JVNDB-2017-010751 // NVD: CVE-2017-2706

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-655

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201707-655

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010751

PATCH

title: huawei-sa-20170712-01-push, url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170712-01-push-en

Trust: 0.8

title: Huawei Mate 9 Push module directory traversal vulnerability patch, url: https://www.cnvd.org.cn/patchInfo/show/100233

Trust: 0.6

title: Huawei Mate 9 Push Fixes for module path traversal vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71753

Trust: 0.6

sources: CNVD: CNVD-2017-21241 // JVNDB: JVNDB-2017-010751 // CNNVD: CNNVD-201707-655

EXTERNAL IDS

db: NVD, id: CVE-2017-2706

Trust: 3.1

db: JVNDB, id: JVNDB-2017-010751

Trust: 0.8

db: CNNVD, id: CNNVD-201707-655

Trust: 0.7

db: CNVD, id: CNVD-2017-21241

Trust: 0.6

db: VULHUB, id: VHN-110909

Trust: 0.1

sources: CNVD: CNVD-2017-21241 // VULHUB: VHN-110909 // JVNDB: JVNDB-2017-010751 // CNNVD: CNNVD-201707-655 // NVD: CVE-2017-2706

REFERENCES

url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170712-01-push-en

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2706

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-2706

Trust: 0.8

url: http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170712-01-push-cn

Trust: 0.6

sources: CNVD: CNVD-2017-21241 // VULHUB: VHN-110909 // JVNDB: JVNDB-2017-010751 // CNNVD: CNNVD-201707-655 // NVD: CVE-2017-2706

CREDITS

Huawei

Trust: 0.6

sources: CNNVD: CNNVD-201707-655

SOURCES

db: CNVD, id: CNVD-2017-21241
db: VULHUB, id: VHN-110909
db: JVNDB, id: JVNDB-2017-010751
db: CNNVD, id: CNNVD-201707-655
db: NVD, id: CVE-2017-2706

LAST UPDATE DATE

2024-11-23T22:17:46.324000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-21241, date: 2017-08-16T00:00:00
db: VULHUB, id: VHN-110909, date: 2017-12-11T00:00:00
db: JVNDB, id: JVNDB-2017-010751, date: 2017-12-21T00:00:00
db: CNNVD, id: CNNVD-201707-655, date: 2017-07-17T00:00:00
db: NVD, id: CVE-2017-2706, date: 2024-11-21T03:24:01.293

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-21241, date: 2017-08-16T00:00:00
db: VULHUB, id: VHN-110909, date: 2017-11-22T00:00:00
db: JVNDB, id: JVNDB-2017-010751, date: 2017-12-21T00:00:00
db: CNNVD, id: CNNVD-201707-655, date: 2017-07-17T00:00:00
db: NVD, id: CVE-2017-2706, date: 2017-11-22T19:29:00.803