Details of VAR-201711-0936

ID

VAR-201711-0936

CVE

CVE-2017-8173

TITLE

Huawei Vulnerabilities related to authorization, authority, and access control in smartphone software

Trust: 0.8

sources: JVNDB: JVNDB-2017-010802

DESCRIPTION

Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart phones with software of earlier than Maya-L02C636B126 versions,earlier than VKY-L29C10B151 versions,earlier than VTR-L29C10B151 versions,earlier than Vicky-AL00AC00B162 versions,earlier than Victoria-AL00AC00B167 versions,earlier than Warsaw-AL00C00B200 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by some secret code and can perform some operations to update the Google account. As a result, the FRP function is bypassed. Huawei Smartphone software contains vulnerabilities related to authorization, permissions, and access control.Information may be tampered with. Maya-L02, VKY-L09, Vicky-AL00A, and Warsaw-AL00 are all smartphones of Huawei. Huawei Maya-L02 and others are smartphone products of China Huawei (Huawei). There are security vulnerabilities in many Huawei products. The following products and versions are affected: Huawei Maya-L02 prior to Maya-L02C636B126; VKY-L09 prior to VKY-L29C10B151; VTR-L29 prior to VTR-L29C10B151; Vicky-AL00A prior to Vicky-AL00AC00B162; AL00A Victoria-AL00AC00B167 prior to Warsaw-AL00 Warsaw-AL00C00B200 prior

Trust: 2.34

sources: NVD: CVE-2017-8173 // JVNDB: JVNDB-2017-010802 // CNVD: CNVD-2017-24397 // VULHUB: VHN-116376 // VULMON: CVE-2017-8173

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-24397

AFFECTED PRODUCTS

vendor:	huawei	model:	maya-l02	scope:	lt	version:	maya-l02c636b126	Trust: 1.8
vendor:	huawei	model:	vicky-al00a	scope:	lt	version:	vicky-al00ac00b162	Trust: 1.8
vendor:	huawei	model:	victoria-al00a	scope:	lt	version:	victoria-al00ac00b167	Trust: 1.8
vendor:	huawei	model:	vky-l09	scope:	lt	version:	vky-l29c10b151	Trust: 1.8
vendor:	huawei	model:	warsaw-al00	scope:	lt	version:	warsaw-al00c00b200	Trust: 1.8
vendor:	huawei	model:	vky-l29	scope:	lt	version:	vtr-l29c10b151	Trust: 1.0
vendor:	huawei	model:	vtr-l29	scope:	lt	version:	vtr-l29c10b151	Trust: 0.8
vendor:	huawei	model:	maya-l02 <maya-l02c636b126	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	vky-l09 <vky-l29c10b151	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	vtr-l29 <vtr-l29c10b151	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	vicky-al00a <vicky-al00ac00b162	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	victoria-al00a <victoria-al00ac00b167	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	warsaw-al00 <warsaw-al00c00b200	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2017-24397 // JVNDB: JVNDB-2017-010802 // NVD: CVE-2017-8173

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-8173
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-8173
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-24397
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201711-961
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-116376
value:	LOW
Trust: 0.1
VULMON:	CVE-2017-8173
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2017-8173
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2017-24397
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:C/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-116376
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-8173
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-24397 // VULHUB: VHN-116376 // VULMON: CVE-2017-8173 // JVNDB: JVNDB-2017-010802 // CNNVD: CNNVD-201711-961 // NVD: CVE-2017-8173

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-116376 // JVNDB: JVNDB-2017-010802 // NVD: CVE-2017-8173

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201711-961

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201711-961

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010802

PATCH

title:	huawei-sa-20170715-01-frpbypass	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170715-01-frpbypass-en	Trust: 0.8
title:	A variety of Huawei mobile phone FRP bypass vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/101431	Trust: 0.6
title:	Multiple Huawei Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76671	Trust: 0.6

sources: CNVD: CNVD-2017-24397 // JVNDB: JVNDB-2017-010802 // CNNVD: CNNVD-201711-961

EXTERNAL IDS

db:	NVD	id:	CVE-2017-8173	Trust: 3.2
db:	JVNDB	id:	JVNDB-2017-010802	Trust: 0.8
db:	CNNVD	id:	CNNVD-201711-961	Trust: 0.7
db:	CNVD	id:	CNVD-2017-24397	Trust: 0.6
db:	VULHUB	id:	VHN-116376	Trust: 0.1
db:	VULMON	id:	CVE-2017-8173	Trust: 0.1

sources: CNVD: CNVD-2017-24397 // VULHUB: VHN-116376 // VULMON: CVE-2017-8173 // JVNDB: JVNDB-2017-010802 // CNNVD: CNNVD-201711-961 // NVD: CVE-2017-8173

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170715-01-frpbypass-en	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8173	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8173	Trust: 0.8
url:	http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170715-01-frpbypass-cn	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2017-24397 // VULHUB: VHN-116376 // VULMON: CVE-2017-8173 // JVNDB: JVNDB-2017-010802 // CNNVD: CNNVD-201711-961 // NVD: CVE-2017-8173

SOURCES

db:	CNVD	id:	CNVD-2017-24397
db:	VULHUB	id:	VHN-116376
db:	VULMON	id:	CVE-2017-8173
db:	JVNDB	id:	JVNDB-2017-010802
db:	CNNVD	id:	CNNVD-201711-961
db:	NVD	id:	CVE-2017-8173

LAST UPDATE DATE

2024-11-23T22:48:53.111000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-24397	date:	2017-09-03T00:00:00
db:	VULHUB	id:	VHN-116376	date:	2019-10-03T00:00:00
db:	VULMON	id:	CVE-2017-8173	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-010802	date:	2017-12-25T00:00:00
db:	CNNVD	id:	CNNVD-201711-961	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-8173	date:	2024-11-21T03:33:28.133

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-24397	date:	2017-09-03T00:00:00
db:	VULHUB	id:	VHN-116376	date:	2017-11-22T00:00:00
db:	VULMON	id:	CVE-2017-8173	date:	2017-11-22T00:00:00
db:	JVNDB	id:	JVNDB-2017-010802	date:	2017-12-25T00:00:00
db:	CNNVD	id:	CNNVD-201711-961	date:	2017-11-23T00:00:00
db:	NVD	id:	CVE-2017-8173	date:	2017-11-22T19:29:04.083