Sign-up

ID

VAR-201711-1030


CVE

CVE-2017-8215


TITLE

plural Huawei Vulnerabilities related to authorization, authority, and access control in smartphone software

Trust: 0.8

sources: JVNDB: JVNDB-2017-010592

DESCRIPTION

Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toronto Huawei smart phones with software of versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions earlier than KNT-AL10C00B391, versions earlier than KNT-AL20C00B391, versions earlier than KNT-UL10C00B391, versions earlier than KNT-TL10C00B391, versions earlier than Stanford-AL00C00B175, versions earlier than Stanford-AL10C00B175, versions earlier than Stanford-TL00C01B175, versions earlier than Duke-AL20C00B191, versions earlier than Duke-TL30C01B191, versions earlier than Picasso-AL00C00B162, versions earlier than Picasso-TL00C01B162 , versions earlier than Barca-AL00C00B162, versions earlier than Barca-TL00C00B162, versions earlier than EVA-AL10C00B396SP03, versions earlier than EVA-CL00C92B396, versions earlier than EVA-DL00C17B396, versions earlier than EVA-TL00C01B396 , versions earlier than Vicky-AL00AC00B172, versions earlier than Toronto-AL00AC00B191, versions earlier than Toronto-TL10C01B191 have a permission control vulnerability. An attacker with the system privilege of a mobile can exploit this vulnerability to bypass the unlock code verification and unlock the mobile phone bootloader. plural Huawei Smartphone software contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Glory 8, Glory V8, Glory 9, Glory V9, Enjoy 7Plus, P9, P10Plus, Nova2 and Nova2Plus are all Huawei smartphones from China. There are permission control vulnerabilities in various Huawei phones. The Huawei Honor 8 and others are smartphone products of the Chinese company Huawei. Several Huawei products have security vulnerabilities

Trust: 2.25

sources: NVD: CVE-2017-8215 // JVNDB: JVNDB-2017-010592 // CNVD: CNVD-2017-28207 // VULHUB: VHN-116418

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-28207

AFFECTED PRODUCTS

vendor:huaweimodel:nova 2 plusscope:ltversion:barca-al00c00b162

Trust: 1.0

vendor:huaweimodel:honor v8scope:ltversion:knt-tl10c00b391

Trust: 1.0

vendor:huaweimodel:p9scope:ltversion:eva-cl00c92b396

Trust: 1.0

vendor:huaweimodel:nova 2 plusscope:ltversion:barca-tl00c00b162

Trust: 1.0

vendor:huaweimodel:p9scope:ltversion:eva-dl00c17b396

Trust: 1.0

vendor:huaweimodel:nova 2scope:ltversion:picasso-al00c00b162

Trust: 1.0

vendor:huaweimodel:nova 2scope:ltversion:picasso-tl00c01b162

Trust: 1.0

vendor:huaweimodel:honor 9scope:ltversion:stanford-al00c00b175

Trust: 1.0

vendor:huaweimodel:honor v9scope:ltversion:duke-tl30c01b191

Trust: 1.0

vendor:huaweimodel:torontoscope:ltversion:toronto-al00ac00b191

Trust: 1.0

vendor:huaweimodel:honor v8scope:ltversion:knt-al20c00b391

Trust: 1.0

vendor:huaweimodel:honor 8scope:ltversion:frd-dl00c00b391

Trust: 1.0

vendor:huaweimodel:honor v8scope:ltversion:knt-ul10c00b391

Trust: 1.0

vendor:huaweimodel:torontoscope:ltversion:toronto-tl10c01b191

Trust: 1.0

vendor:huaweimodel:p9scope:ltversion:eva-tl00c01b396

Trust: 1.0

vendor:huaweimodel:honor 9scope:ltversion:stanford-tl00c01b175

Trust: 1.0

vendor:huaweimodel:honor v8scope:ltversion:knt-al10c00b391

Trust: 1.0

vendor:huaweimodel:honor 9scope:ltversion:stanford-al10c00b175

Trust: 1.0

vendor:huaweimodel:honor v9scope:ltversion:duke-al20c00b191

Trust: 1.0

vendor:huaweimodel:p9scope:ltversion:eva-al10c00b396sp03

Trust: 1.0

vendor:huaweimodel:honor 8scope:ltversion:frd-al00c00b391

Trust: 1.0

vendor:huaweimodel:p10 plusscope:ltversion:vicky-al00ac00b172

Trust: 1.0

vendor:huaweimodel:honor 8scope: - version: -

Trust: 0.8

vendor:huaweimodel:honor 9scope: - version: -

Trust: 0.8

vendor:huaweimodel:honor v8scope: - version: -

Trust: 0.8

vendor:huaweimodel:honor v9scope: - version: -

Trust: 0.8

vendor:huaweimodel:nova 2 plusscope: - version: -

Trust: 0.8

vendor:huaweimodel:nova 2scope: - version: -

Trust: 0.8

vendor:huaweimodel:p10 plusscope: - version: -

Trust: 0.8

vendor:huaweimodel:p9scope: - version: -

Trust: 0.8

vendor:huaweimodel:torontoscope: - version: -

Trust: 0.8

vendor:huaweimodel:nova plus <=barca-al00c00b162scope:eqversion:2

Trust: 0.6

vendor:huaweimodel:nova plus <=barca-tl00c00b162scope:eqversion:2

Trust: 0.6

vendor:huaweimodel:nova <=picasso-al00c00b162scope:eqversion:2

Trust: 0.6

vendor:huaweimodel:nova <=picasso-tl00c00b162scope:eqversion:2

Trust: 0.6

vendor:huaweimodel:p10 plus <=vicky-al00ac00b172scope: - version: -

Trust: 0.6

vendor:huaweimodel:p9 <=eva-al10c00b396sp03scope: - version: -

Trust: 0.6

vendor:huaweimodel:p9 <=eva-cl00c92b396scope: - version: -

Trust: 0.6

vendor:huaweimodel:p9 <=eva-dl00c17b396scope: - version: -

Trust: 0.6

vendor:huaweimodel:p9 <=eva-tl00c01b396scope: - version: -

Trust: 0.6

vendor:huaweimodel:enjoy plus <=toronto-al00ac00b191scope:eqversion:7

Trust: 0.6

vendor:huaweimodel:enjoy plus <=toronto-tl10c01b191scope:eqversion:7

Trust: 0.6

vendor:huaweimodel:glory <=duke-al20c00b191scope:eqversion:v9

Trust: 0.6

vendor:huaweimodel:glory <=duke-tl30c01b191scope:eqversion:v9

Trust: 0.6

vendor:huaweimodel:glory <=stanford-al00c00b175scope:eqversion:9

Trust: 0.6

vendor:huaweimodel:glory <=stanford-al10c00b175scope:eqversion:9

Trust: 0.6

vendor:huaweimodel:glory <=stanford-tl00c01b175scope:eqversion:9

Trust: 0.6

vendor:huaweimodel:glory <=frd-dl00c00b391scope:eqversion:v8

Trust: 0.6

vendor:huaweimodel:glory <=knt-al10c00b391scope:eqversion:v8

Trust: 0.6

vendor:huaweimodel:glory <=knt-al20c00b391scope:eqversion:v8

Trust: 0.6

vendor:huaweimodel:glory <=knt-ul10c00b391scope:eqversion:v8

Trust: 0.6

vendor:huaweimodel:glory <=knt-tl10c00b391scope:eqversion:v8

Trust: 0.6

vendor:huaweimodel:glory <=frd-al00c00b391scope:eqversion:8

Trust: 0.6

sources: CNVD: CNVD-2017-28207 // JVNDB: JVNDB-2017-010592 // NVD: CVE-2017-8215

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-8215
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-8215
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-28207
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201711-930
value: MEDIUM

Trust: 0.6

VULHUB: VHN-116418
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-8215
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-28207
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:N/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-116418
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-8215
baseSeverity: MEDIUM
baseScore: 6.2
vectorString: CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.3
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-28207 // VULHUB: VHN-116418 // JVNDB: JVNDB-2017-010592 // CNNVD: CNNVD-201711-930 // NVD: CVE-2017-8215

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-116418 // JVNDB: JVNDB-2017-010592 // NVD: CVE-2017-8215

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201711-930

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201711-930

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010592

PATCH
title:huawei-sa-20170807-01-smartphoneurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170807-01-smartphone-en
Trust: 0.8
title:Patches for multiple Huawei mobile rights control vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/102760
Trust: 0.6
title:Multiple Huawei Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76640
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-28207 // 
            
            
            
            JVNDB: JVNDB-2017-010592 // 
            
            
            
            CNNVD: CNNVD-201711-930

EXTERNAL IDS
db:NVDid:CVE-2017-8215
Trust: 3.1
db:JVNDBid:JVNDB-2017-010592
Trust: 0.8
db:CNNVDid:CNNVD-201711-930
Trust: 0.7
db:CNVDid:CNVD-2017-28207
Trust: 0.6
db:VULHUBid:VHN-116418
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-28207 // 
            
            
            
            VULHUB: VHN-116418 // 
            
            
            
            JVNDB: JVNDB-2017-010592 // 
            
            
            
            CNNVD: CNNVD-201711-930 // 
            
            
            
            NVD: CVE-2017-8215

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170807-01-smartphone-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8215
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-8215
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170807-01-smartphone-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-28207 // 
            
            
            
            VULHUB: VHN-116418 // 
            
            
            
            JVNDB: JVNDB-2017-010592 // 
            
            
            
            CNNVD: CNNVD-201711-930 // 
            
            
            
            NVD: CVE-2017-8215

SOURCES
db:CNVDid:CNVD-2017-28207
db:VULHUBid:VHN-116418
db:JVNDBid:JVNDB-2017-010592
db:CNNVDid:CNNVD-201711-930
db:NVDid:CVE-2017-8215

LAST UPDATE DATE
2024-11-23T22:38:23.030000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-28207date:2017-09-26T00:00:00
db:VULHUBid:VHN-116418date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-010592date:2017-12-20T00:00:00
db:CNNVDid:CNNVD-201711-930date:2019-10-23T00:00:00
db:NVDid:CVE-2017-8215date:2024-11-21T03:33:33.207

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-28207date:2017-09-26T00:00:00
db:VULHUBid:VHN-116418date:2017-11-22T00:00:00
db:JVNDBid:JVNDB-2017-010592date:2017-12-20T00:00:00
db:CNNVDid:CNNVD-201711-930date:2017-11-24T00:00:00
db:NVDid:CVE-2017-8215date:2017-11-22T19:29:05.617