Sign-up

ID

VAR-201803-0164


CVE

CVE-2017-17279


TITLE

Huawei Mate 9 Pro Smartphone software access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-012880

DESCRIPTION

The soundtrigger module in Huawei Mate 9 Pro smart phones with software of the versions before LON-AL00B 8.0.0.343(C00) has an authentication bypass vulnerability due to the improper design of the module. An attacker tricks a user into installing a malicious application, and the application can exploit the vulnerability and make attacker bypass the authentication, the attacker can control the phone to sent short messages and make call within audio range to the phone. HuaweiMate9Pro is a smartphone from Huawei. Huawei Smart Phones are prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism. This may aid in further attacks. The Huawei Mate 9 Pro is a smartphone from the Chinese company Huawei. The soundtrigger module is one of the speech recognition modules

Trust: 2.52

sources: NVD: CVE-2017-17279 // JVNDB: JVNDB-2017-012880 // CNVD: CNVD-2018-04767 // BID: 103360 // VULHUB: VHN-108285

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-04767

AFFECTED PRODUCTS

vendor:huaweimodel:mate 9 proscope:ltversion:lon-al00b_8.0.0.343\(c00\)

Trust: 1.0

vendor:huaweimodel:mate 9 proscope:ltversion:lon-al00b 8.0.0.343(c00)

Trust: 0.8

vendor:huaweimodel:mate pro <lon-al00b 8.0.0.343scope:eqversion:9

Trust: 0.6

vendor:huaweimodel:mate proscope:eqversion:90

Trust: 0.3

vendor:huaweimodel:mate pro lon-al00bscope:neversion:98.0.0.343(

Trust: 0.3

sources: CNVD: CNVD-2018-04767 // BID: 103360 // JVNDB: JVNDB-2017-012880 // NVD: CVE-2017-17279

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17279
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-17279
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-04767
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201803-297
value: MEDIUM

Trust: 0.6

VULHUB: VHN-108285
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-17279
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-04767
severity: MEDIUM
baseScore: 5.6
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108285
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17279
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-04767 // VULHUB: VHN-108285 // JVNDB: JVNDB-2017-012880 // CNNVD: CNNVD-201803-297 // NVD: CVE-2017-17279

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-108285 // JVNDB: JVNDB-2017-012880 // NVD: CVE-2017-17279

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201803-297

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201803-297

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012880

PATCH
title:huawei-sa-20180307-01-smartphoneurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180307-01-smartphone-en
Trust: 0.8
title:Huawei Mate 9 Pro soundtrigger Repair measures for module security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79019
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-012880 // 
            
            
            
            CNNVD: CNNVD-201803-297

EXTERNAL IDS
db:NVDid:CVE-2017-17279
Trust: 3.4
db:BIDid:103360
Trust: 2.0
db:JVNDBid:JVNDB-2017-012880
Trust: 0.8
db:CNVDid:CNVD-2018-04767
Trust: 0.6
db:CNNVDid:CNNVD-201803-297
Trust: 0.6
db:VULHUBid:VHN-108285
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-04767 // 
            
            
            
            VULHUB: VHN-108285 // 
            
            
            
            BID: 103360 // 
            
            
            
            JVNDB: JVNDB-2017-012880 // 
            
            
            
            CNNVD: CNNVD-201803-297 // 
            
            
            
            NVD: CVE-2017-17279

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180307-01-smartphone-en
Trust: 2.0
url:http://www.securityfocus.com/bid/103360
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17279
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17279
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180307-01-smartphone-cn
Trust: 0.6
url:http://www.huawei.com/en/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-04767 // 
            
            
            
            VULHUB: VHN-108285 // 
            
            
            
            BID: 103360 // 
            
            
            
            JVNDB: JVNDB-2017-012880 // 
            
            
            
            CNNVD: CNNVD-201803-297 // 
            
            
            
            NVD: CVE-2017-17279

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 103360

SOURCES
db:CNVDid:CNVD-2018-04767
db:VULHUBid:VHN-108285
db:BIDid:103360
db:JVNDBid:JVNDB-2017-012880
db:CNNVDid:CNNVD-201803-297
db:NVDid:CVE-2017-17279

LAST UPDATE DATE
2024-11-23T22:17:38.603000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-04767date:2018-03-09T00:00:00
db:VULHUBid:VHN-108285date:2019-10-03T00:00:00
db:BIDid:103360date:2018-03-07T00:00:00
db:JVNDBid:JVNDB-2017-012880date:2018-04-26T00:00:00
db:CNNVDid:CNNVD-201803-297date:2019-10-23T00:00:00
db:NVDid:CVE-2017-17279date:2024-11-21T03:17:44.350

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-04767date:2018-03-09T00:00:00
db:VULHUBid:VHN-108285date:2018-03-09T00:00:00
db:BIDid:103360date:2018-03-07T00:00:00
db:JVNDBid:JVNDB-2017-012880date:2018-04-26T00:00:00
db:CNNVDid:CNNVD-201803-297date:2018-03-13T00:00:00
db:NVDid:CVE-2017-17279date:2018-03-09T17:29:01.610