Sign-up

ID

VAR-201711-0249


CVE

CVE-2017-2733


TITLE

Huawei Honor 6X Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2017-04676 // CNNVD: CNNVD-201704-961

DESCRIPTION

Honor 6X smartphones with software versions earlier than BLN-AL10C00B357 and versions earlier than BLN-AL20C00B357 have an information leak vulnerability due to improper file permission configuration. An attacker tricks a user into installing a malicious application on the smart phone, and the application can get the file that keep the cipher text of the SIM card PIN. Honor 6X Smartphone software contains an information disclosure vulnerability.Information may be obtained. HuaweiHonor6X is a smartphone from China's Huawei company. An attacker could exploit this vulnerability to obtain sensitive information

Trust: 2.43

sources: NVD: CVE-2017-2733 // JVNDB: JVNDB-2017-010706 // CNVD: CNVD-2017-04676 // BID: 97700

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-04676

AFFECTED PRODUCTS

vendor:huaweimodel:honor 6xscope:ltversion:bln-al10c00b357

Trust: 1.8

vendor:huaweimodel:honor 6xscope:ltversion:bln-al20c00b357

Trust: 1.8

vendor:huaweimodel:honor <bln-al10c00b357scope:eqversion:6x

Trust: 0.6

vendor:huaweimodel:honor <bln-al20c00b357scope:eqversion:6x

Trust: 0.6

vendor:huaweimodel:honorscope:eqversion:6x0

Trust: 0.3

vendor:huaweimodel:honor bln-al20c00b357scope:neversion:6x

Trust: 0.3

vendor:huaweimodel:honor bln-al10c00b357scope:neversion:6x

Trust: 0.3

sources: CNVD: CNVD-2017-04676 // BID: 97700 // JVNDB: JVNDB-2017-010706 // NVD: CVE-2017-2733

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2733
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-2733
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-04676
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201704-961
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2017-2733
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-04676
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-2733
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-04676 // JVNDB: JVNDB-2017-010706 // CNNVD: CNNVD-201704-961 // NVD: CVE-2017-2733

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2017-010706 // NVD: CVE-2017-2733

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-961

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201704-961

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010706

PATCH
title:huawei-sa-20170405-02-smartphoneurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-02-smartphone-en
Trust: 0.8
title:HuaweiHonor6X Information Disclosure Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/92015
Trust: 0.6
title:Huawei Honor 6X Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75148
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-04676 // 
            
            
            
            JVNDB: JVNDB-2017-010706 // 
            
            
            
            CNNVD: CNNVD-201704-961

EXTERNAL IDS
db:NVDid:CVE-2017-2733
Trust: 3.3
db:BIDid:97700
Trust: 1.9
db:JVNDBid:JVNDB-2017-010706
Trust: 0.8
db:CNVDid:CNVD-2017-04676
Trust: 0.6
db:CNNVDid:CNNVD-201704-961
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-04676 // 
            
            
            
            BID: 97700 // 
            
            
            
            JVNDB: JVNDB-2017-010706 // 
            
            
            
            CNNVD: CNNVD-201704-961 // 
            
            
            
            NVD: CVE-2017-2733

REFERENCES
url:http://www.securityfocus.com/bid/97700
Trust: 1.6
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-02-smartphone-en
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2733
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2733
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170405-02-smartphone-cn
Trust: 0.6
url:http://www.huawei.com
Trust: 0.3
url:http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170405-02-smartphone-en
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-04676 // 
            
            
            
            BID: 97700 // 
            
            
            
            JVNDB: JVNDB-2017-010706 // 
            
            
            
            CNNVD: CNNVD-201704-961 // 
            
            
            
            NVD: CVE-2017-2733

CREDITS
Huawei
Trust: 0.9
sources:
            
            
            BID: 97700 // 
            
            
            
            CNNVD: CNNVD-201704-961

SOURCES
db:CNVDid:CNVD-2017-04676
db:BIDid:97700
db:JVNDBid:JVNDB-2017-010706
db:CNNVDid:CNNVD-201704-961
db:NVDid:CVE-2017-2733

LAST UPDATE DATE
2024-11-23T22:56:04.054000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-04676date:2017-04-19T00:00:00
db:BIDid:97700date:2017-04-18T00:07:00
db:JVNDBid:JVNDB-2017-010706date:2017-12-21T00:00:00
db:CNNVDid:CNNVD-201704-961date:2017-10-09T00:00:00
db:NVDid:CVE-2017-2733date:2024-11-21T03:24:04.523

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-04676date:2017-04-19T00:00:00
db:BIDid:97700date:2017-04-05T00:00:00
db:JVNDBid:JVNDB-2017-010706date:2017-12-21T00:00:00
db:CNNVDid:CNNVD-201704-961date:2017-04-05T00:00:00
db:NVDid:CVE-2017-2733date:2017-11-22T19:29:01.850