Sign-up

ID

VAR-201711-1029


CVE

CVE-2017-8214


TITLE

plural Huawei Vulnerabilities related to authorization, authority, and access control in smartphone software

Trust: 0.8

sources: JVNDB: JVNDB-2017-010591

DESCRIPTION

Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toronto Huawei smart phones with software of versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions earlier than KNT-AL10C00B391, versions earlier than KNT-AL20C00B391, versions earlier than KNT-UL10C00B391, versions earlier than KNT-TL10C00B391, versions earlier than Stanford-AL00C00B175, versions earlier than Stanford-AL10C00B175, versions earlier than Stanford-TL00C01B175, versions earlier than Duke-AL20C00B191, versions earlier than Duke-TL30C01B191, versions earlier than Picasso-AL00C00B162, versions earlier than Picasso-TL00C01B162 , versions earlier than Barca-AL00C00B162, versions earlier than Barca-TL00C00B162, versions earlier than EVA-AL10C00B396SP03, versions earlier than EVA-CL00C92B396, versions earlier than EVA-DL00C17B396, versions earlier than EVA-TL00C01B396 , versions earlier than Vicky-AL00AC00B172, versions earlier than Toronto-AL00AC00B191, versions earlier than Toronto-TL10C01B191 have an unlock code verification bypassing vulnerability. An attacker with the root privilege of a mobile can exploit this vulnerability to bypass the unlock code verification and unlock the mobile phone bootloader. plural Huawei Smartphone software contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Glory 8, Glory V8, Glory 9, Glory V9, Enjoy 7Plus, P9, P10Plus, Nova2 and Nova2Plus are all Huawei smartphones from China. The Huawei Honor 8 and others are smartphone products of the Chinese company Huawei. Several Huawei products have security vulnerabilities

Trust: 2.25

sources: NVD: CVE-2017-8214 // JVNDB: JVNDB-2017-010591 // CNVD: CNVD-2017-28206 // VULHUB: VHN-116417

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-28206

AFFECTED PRODUCTS

vendor:huaweimodel:nova 2 plusscope:ltversion:barca-al00c00b162

Trust: 1.0

vendor:huaweimodel:honor v8scope:ltversion:knt-tl10c00b391

Trust: 1.0

vendor:huaweimodel:p9scope:ltversion:eva-cl00c92b396

Trust: 1.0

vendor:huaweimodel:nova 2 plusscope:ltversion:barca-tl00c00b162

Trust: 1.0

vendor:huaweimodel:p9scope:ltversion:eva-dl00c17b396

Trust: 1.0

vendor:huaweimodel:nova 2scope:ltversion:picasso-al00c00b162

Trust: 1.0

vendor:huaweimodel:nova 2scope:ltversion:picasso-tl00c01b162

Trust: 1.0

vendor:huaweimodel:honor 9scope:ltversion:stanford-al00c00b175

Trust: 1.0

vendor:huaweimodel:honor v9scope:ltversion:duke-tl30c01b191

Trust: 1.0

vendor:huaweimodel:torontoscope:ltversion:toronto-al00ac00b191

Trust: 1.0

vendor:huaweimodel:honor v8scope:ltversion:knt-al20c00b391

Trust: 1.0

vendor:huaweimodel:honor 8scope:ltversion:frd-dl00c00b391

Trust: 1.0

vendor:huaweimodel:honor v8scope:ltversion:knt-ul10c00b391

Trust: 1.0

vendor:huaweimodel:torontoscope:ltversion:toronto-tl10c01b191

Trust: 1.0

vendor:huaweimodel:p9scope:ltversion:eva-tl00c01b396

Trust: 1.0

vendor:huaweimodel:honor 9scope:ltversion:stanford-tl00c01b175

Trust: 1.0

vendor:huaweimodel:honor v8scope:ltversion:knt-al10c00b391

Trust: 1.0

vendor:huaweimodel:honor 9scope:ltversion:stanford-al10c00b175

Trust: 1.0

vendor:huaweimodel:honor v9scope:ltversion:duke-al20c00b191

Trust: 1.0

vendor:huaweimodel:p9scope:ltversion:eva-al10c00b396sp03

Trust: 1.0

vendor:huaweimodel:honor 8scope:ltversion:frd-al00c00b391

Trust: 1.0

vendor:huaweimodel:p10 plusscope:ltversion:vicky-al00ac00b172

Trust: 1.0

vendor:huaweimodel:honor 8scope: - version: -

Trust: 0.8

vendor:huaweimodel:honor 9scope: - version: -

Trust: 0.8

vendor:huaweimodel:honor v8scope: - version: -

Trust: 0.8

vendor:huaweimodel:honor v9scope: - version: -

Trust: 0.8

vendor:huaweimodel:nova 2 plusscope: - version: -

Trust: 0.8

vendor:huaweimodel:nova 2scope: - version: -

Trust: 0.8

vendor:huaweimodel:p10 plusscope: - version: -

Trust: 0.8

vendor:huaweimodel:p9scope: - version: -

Trust: 0.8

vendor:huaweimodel:torontoscope: - version: -

Trust: 0.8

vendor:huaweimodel:nova plus <=barca-al00c00b162scope:eqversion:2

Trust: 0.6

vendor:huaweimodel:nova plus <=barca-tl00c00b162scope:eqversion:2

Trust: 0.6

vendor:huaweimodel:nova <=picasso-al00c00b162scope:eqversion:2

Trust: 0.6

vendor:huaweimodel:nova <=picasso-tl00c00b162scope:eqversion:2

Trust: 0.6

vendor:huaweimodel:p10 plus <=vicky-al00ac00b172scope: - version: -

Trust: 0.6

vendor:huaweimodel:p9 <=eva-al10c00b396sp03scope: - version: -

Trust: 0.6

vendor:huaweimodel:p9 <=eva-cl00c92b396scope: - version: -

Trust: 0.6

vendor:huaweimodel:p9 <=eva-dl00c17b396scope: - version: -

Trust: 0.6

vendor:huaweimodel:p9 <=eva-tl00c01b396scope: - version: -

Trust: 0.6

vendor:huaweimodel:enjoy plus <=toronto-al00ac00b191scope:eqversion:7

Trust: 0.6

vendor:huaweimodel:enjoy plus <=toronto-tl10c01b191scope:eqversion:7

Trust: 0.6

vendor:huaweimodel:glory <=duke-al20c00b191scope:eqversion:v9

Trust: 0.6

vendor:huaweimodel:glory <=duke-tl30c01b191scope:eqversion:v9

Trust: 0.6

vendor:huaweimodel:glory <=stanford-al00c00b175scope:eqversion:9

Trust: 0.6

vendor:huaweimodel:glory <=stanford-al10c00b175scope:eqversion:9

Trust: 0.6

vendor:huaweimodel:glory <=stanford-tl00c01b175scope:eqversion:9

Trust: 0.6

vendor:huaweimodel:glory <=frd-dl00c00b391scope:eqversion:v8

Trust: 0.6

vendor:huaweimodel:glory <=knt-al10c00b391scope:eqversion:v8

Trust: 0.6

vendor:huaweimodel:glory <=knt-al20c00b391scope:eqversion:v8

Trust: 0.6

vendor:huaweimodel:glory <=knt-ul10c00b391scope:eqversion:v8

Trust: 0.6

vendor:huaweimodel:glory <=knt-tl10c00b391scope:eqversion:v8

Trust: 0.6

vendor:huaweimodel:glory <=frd-al00c00b391scope:eqversion:8

Trust: 0.6

sources: CNVD: CNVD-2017-28206 // JVNDB: JVNDB-2017-010591 // NVD: CVE-2017-8214

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-8214
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-8214
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-28206
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201711-931
value: MEDIUM

Trust: 0.6

VULHUB: VHN-116417
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-8214
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-28206
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:H/AU:N/C:N/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-116417
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-8214
baseSeverity: MEDIUM
baseScore: 6.2
vectorString: CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.3
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-28206 // VULHUB: VHN-116417 // JVNDB: JVNDB-2017-010591 // CNNVD: CNNVD-201711-931 // NVD: CVE-2017-8214

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-116417 // JVNDB: JVNDB-2017-010591 // NVD: CVE-2017-8214

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201711-931

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201711-931

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010591

PATCH
title:huawei-sa-20170807-01-smartphoneurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170807-01-smartphone-en
Trust: 0.8
title:A number of Huawei phones have patches that bypass the unlock code verification vulnerability.url:https://www.cnvd.org.cn/patchInfo/show/102759
Trust: 0.6
title:Multiple Huawei Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76641
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-28206 // 
            
            
            
            JVNDB: JVNDB-2017-010591 // 
            
            
            
            CNNVD: CNNVD-201711-931

EXTERNAL IDS
db:NVDid:CVE-2017-8214
Trust: 3.1
db:JVNDBid:JVNDB-2017-010591
Trust: 0.8
db:CNNVDid:CNNVD-201711-931
Trust: 0.7
db:CNVDid:CNVD-2017-28206
Trust: 0.6
db:VULHUBid:VHN-116417
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-28206 // 
            
            
            
            VULHUB: VHN-116417 // 
            
            
            
            JVNDB: JVNDB-2017-010591 // 
            
            
            
            CNNVD: CNNVD-201711-931 // 
            
            
            
            NVD: CVE-2017-8214

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170807-01-smartphone-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8214
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-8214
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170807-01-smartphone-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-28206 // 
            
            
            
            VULHUB: VHN-116417 // 
            
            
            
            JVNDB: JVNDB-2017-010591 // 
            
            
            
            CNNVD: CNNVD-201711-931 // 
            
            
            
            NVD: CVE-2017-8214

SOURCES
db:CNVDid:CNVD-2017-28206
db:VULHUBid:VHN-116417
db:JVNDBid:JVNDB-2017-010591
db:CNNVDid:CNNVD-201711-931
db:NVDid:CVE-2017-8214

LAST UPDATE DATE
2024-11-23T22:59:08.802000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-28206date:2017-09-26T00:00:00
db:VULHUBid:VHN-116417date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2017-010591date:2017-12-20T00:00:00
db:CNNVDid:CNNVD-201711-931date:2020-10-22T00:00:00
db:NVDid:CVE-2017-8214date:2024-11-21T03:33:33.053

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-28206date:2017-09-26T00:00:00
db:VULHUBid:VHN-116417date:2017-11-22T00:00:00
db:JVNDBid:JVNDB-2017-010591date:2017-12-20T00:00:00
db:CNNVDid:CNNVD-201711-931date:2017-11-24T00:00:00
db:NVDid:CVE-2017-8214date:2017-11-22T19:29:05.523