Details of VAR-201802-0532

ID

VAR-201802-0532

CVE

CVE-2017-15351

TITLE

Huawei Honor V9 Play Authentication vulnerabilities in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2017-012458

DESCRIPTION

The 'Find Phone' function in Huawei Honor V9 play smart phones with versions earlier than Jimmy-AL00AC00B135 has an authentication bypass vulnerability. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally. Huawei HonorV9play is a smartphone from Huawei. Huawei Honor V9 play is a smartphone product of the Chinese company Huawei

Trust: 2.25

sources: NVD: CVE-2017-15351 // JVNDB: JVNDB-2017-012458 // CNVD: CNVD-2017-35024 // VULHUB: VHN-106165

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-35024

AFFECTED PRODUCTS

vendor:	huawei	model:	honor v9 play	scope:	eq	version:	jimmy-al00ac00b135	Trust: 1.6
vendor:	huawei	model:	honor v9 play	scope:	lte	version:	jimmy-al00ac00b135	Trust: 0.8
vendor:	huawei	model:	honor play <jimmy-al00ac00b135	scope:	eq	version:	v9	Trust: 0.6

sources: CNVD: CNVD-2017-35024 // JVNDB: JVNDB-2017-012458 // CNNVD: CNNVD-201711-1127 // NVD: CVE-2017-15351

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-15351
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-15351
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-35024
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201711-1127
value:	HIGH
Trust: 0.6
VULHUB:	VHN-106165
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-15351
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-35024
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-106165
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-15351
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-35024 // VULHUB: VHN-106165 // JVNDB: JVNDB-2017-012458 // CNNVD: CNNVD-201711-1127 // NVD: CVE-2017-15351

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-106165 // JVNDB: JVNDB-2017-012458 // NVD: CVE-2017-15351

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201711-1127

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201711-1127

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012458

PATCH

title:	huawei-sa-20171122-01-smartphone	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-smartphone-en	Trust: 0.8
title:	Huawei HonorV9play authentication bypass vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/106693	Trust: 0.6
title:	Huawei Honor V9 play Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76787	Trust: 0.6

sources: CNVD: CNVD-2017-35024 // JVNDB: JVNDB-2017-012458 // CNNVD: CNNVD-201711-1127

EXTERNAL IDS

db:	NVD	id:	CVE-2017-15351	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-012458	Trust: 0.8
db:	CNVD	id:	CNVD-2017-35024	Trust: 0.6
db:	CNNVD	id:	CNNVD-201711-1127	Trust: 0.6
db:	VULHUB	id:	VHN-106165	Trust: 0.1

sources: CNVD: CNVD-2017-35024 // VULHUB: VHN-106165 // JVNDB: JVNDB-2017-012458 // CNNVD: CNNVD-201711-1127 // NVD: CVE-2017-15351

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-smartphone-en	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15351	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-15351	Trust: 0.8
url:	http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20171122-01-smartphone-cn	Trust: 0.6

sources: CNVD: CNVD-2017-35024 // VULHUB: VHN-106165 // JVNDB: JVNDB-2017-012458 // CNNVD: CNNVD-201711-1127 // NVD: CVE-2017-15351

CREDITS

Huawei internal tester

Trust: 0.6

sources: CNNVD: CNNVD-201711-1127

SOURCES

db:	CNVD	id:	CNVD-2017-35024
db:	VULHUB	id:	VHN-106165
db:	JVNDB	id:	JVNDB-2017-012458
db:	CNNVD	id:	CNNVD-201711-1127
db:	NVD	id:	CVE-2017-15351

LAST UPDATE DATE

2024-11-23T22:30:30.350000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-35024	date:	2017-11-23T00:00:00
db:	VULHUB	id:	VHN-106165	date:	2018-02-26T00:00:00
db:	JVNDB	id:	JVNDB-2017-012458	date:	2018-03-09T00:00:00
db:	CNNVD	id:	CNNVD-201711-1127	date:	2017-11-30T00:00:00
db:	NVD	id:	CVE-2017-15351	date:	2024-11-21T03:14:31.507

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-35024	date:	2017-11-23T00:00:00
db:	VULHUB	id:	VHN-106165	date:	2018-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2017-012458	date:	2018-03-09T00:00:00
db:	CNNVD	id:	CNNVD-201711-1127	date:	2017-11-30T00:00:00
db:	NVD	id:	CVE-2017-15351	date:	2018-02-15T16:29:01.297