Details of VAR-201803-1320

ID

VAR-201803-1320

CVE

CVE-2017-17145

TITLE

Huawei Honor V9 Play Vulnerability related to access control in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2017-012809

DESCRIPTION

Huawei Honor V9 Play smart phones with the versions before Jimmy-AL00AC00B135 have an authentication bypass vulnerability due to the improper design of a component. An attacker who get a user's smart phone can execute specific operation, and delete the fingerprint of the phone without authentication. Huawei Honor V9 Play Smartphones have access control vulnerabilities.Information may be tampered with. Huawei Glory V9Play is a smartphone from China's Huawei company. Huawei Smart Phones are prone to a local authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks

Trust: 2.43

sources: NVD: CVE-2017-17145 // JVNDB: JVNDB-2017-012809 // CNVD: CNVD-2017-37502 // BID: 103363

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-37502

AFFECTED PRODUCTS

vendor:	huawei	model:	honor v9 play	scope:	lt	version:	jimmy-al00ac00b135	Trust: 1.8
vendor:	huawei	model:	glory play <al00ac00b135	scope:	eq	version:	v9	Trust: 0.6
vendor:	huawei	model:	honor play	scope:	eq	version:	v90	Trust: 0.3
vendor:	huawei	model:	honor play jimmy-al00ac00b135	scope:	ne	version:	v9	Trust: 0.3

sources: CNVD: CNVD-2017-37502 // BID: 103363 // JVNDB: JVNDB-2017-012809 // NVD: CVE-2017-17145

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-17145
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-17145
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-37502
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201712-298
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2017-17145
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-37502
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:C/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-17145
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-37502 // JVNDB: JVNDB-2017-012809 // CNNVD: CNNVD-201712-298 // NVD: CVE-2017-17145

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-284	Trust: 0.8

sources: JVNDB: JVNDB-2017-012809 // NVD: CVE-2017-17145

THREAT TYPE

local

Trust: 0.9

sources: BID: 103363 // CNNVD: CNNVD-201712-298

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201712-298

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012809

PATCH

title:	huawei-sa-20171213-03-smartphone	url:	http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-03-smartphone-en	Trust: 0.8
title:	Huawei glory V9Play authentication bypass vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/111015	Trust: 0.6
title:	Huawei Honor V9 Play Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100235	Trust: 0.6

sources: CNVD: CNVD-2017-37502 // JVNDB: JVNDB-2017-012809 // CNNVD: CNNVD-201712-298

EXTERNAL IDS

db:	NVD	id:	CVE-2017-17145	Trust: 3.3
db:	JVNDB	id:	JVNDB-2017-012809	Trust: 0.8
db:	CNVD	id:	CNVD-2017-37502	Trust: 0.6
db:	CNNVD	id:	CNNVD-201712-298	Trust: 0.6
db:	BID	id:	103363	Trust: 0.3

sources: CNVD: CNVD-2017-37502 // BID: 103363 // JVNDB: JVNDB-2017-012809 // CNNVD: CNNVD-201712-298 // NVD: CVE-2017-17145

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-03-smartphone-en	Trust: 1.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17145	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-17145	Trust: 0.8
url:	http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171213-03-smartphone-cn	Trust: 0.6
url:	http://www.huawei.com/en/	Trust: 0.3

sources: CNVD: CNVD-2017-37502 // BID: 103363 // JVNDB: JVNDB-2017-012809 // CNNVD: CNNVD-201712-298 // NVD: CVE-2017-17145

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 103363

SOURCES

db:	CNVD	id:	CNVD-2017-37502
db:	BID	id:	103363
db:	JVNDB	id:	JVNDB-2017-012809
db:	CNNVD	id:	CNNVD-201712-298
db:	NVD	id:	CVE-2017-17145

LAST UPDATE DATE

2024-11-23T22:55:59.404000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-37502	date:	2017-12-19T00:00:00
db:	BID	id:	103363	date:	2017-12-13T00:00:00
db:	JVNDB	id:	JVNDB-2017-012809	date:	2018-04-19T00:00:00
db:	CNNVD	id:	CNNVD-201712-298	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-17145	date:	2024-11-21T03:17:34.667

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-37502	date:	2017-12-19T00:00:00
db:	BID	id:	103363	date:	2017-12-13T00:00:00
db:	JVNDB	id:	JVNDB-2017-012809	date:	2018-04-19T00:00:00
db:	CNNVD	id:	CNNVD-201712-298	date:	2017-12-07T00:00:00
db:	NVD	id:	CVE-2017-17145	date:	2018-03-09T17:29:00.330