Details of VAR-201803-1328

ID

VAR-201803-1328

CVE

CVE-2017-17140

TITLE

Huawei Enjoy 5s and Y6 Pro Information disclosure vulnerability in smartphone software

Trust: 0.8

sources: JVNDB: JVNDB-2017-012854

DESCRIPTION

Huawei Enjoy 5s and Y6 Pro smartphones with software the versions before TAG-AL00C92B170; the versions before TIT-L01C576B121 have an information leak vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious application on the smart phone and the application can read some sensitive information in kernel memory which may cause sensitive information leak. Huawei enjoys 5S/5, which is a smartphone from China's Huawei company. Huawei enjoys an information disclosure vulnerability in the mobile phone. The vulnerability is due to the lack of effective checking of parameters on the device

Trust: 2.16

sources: NVD: CVE-2017-17140 // JVNDB: JVNDB-2017-012854 // CNVD: CNVD-2017-37509

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-37509

AFFECTED PRODUCTS

vendor:	huawei	model:	enjoy 5s	scope:	lt	version:	tag-al00c92b170	Trust: 1.8
vendor:	huawei	model:	y6 pro	scope:	lt	version:	tit-l01c576b121	Trust: 1.8
vendor:	huawei	model:	enjoy 5s <tag-al00c92b170	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	enjoy <tit-l01c576b121	scope:	eq	version:	5	Trust: 0.6

sources: CNVD: CNVD-2017-37509 // JVNDB: JVNDB-2017-012854 // NVD: CVE-2017-17140

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-17140
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-17140
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-37509
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201712-303
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2017-17140
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-37509
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-17140
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-37509 // JVNDB: JVNDB-2017-012854 // CNNVD: CNNVD-201712-303 // NVD: CVE-2017-17140

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2017-012854 // NVD: CVE-2017-17140

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-303

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201712-303

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012854

PATCH

title:	huawei-sa-20171213-02-smartphone	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-02-smartphone-en	Trust: 0.8
title:	Huawei enjoys the patch of information leakage vulnerability in mobile phones	url:	https://www.cnvd.org.cn/patchInfo/show/110965	Trust: 0.6

sources: CNVD: CNVD-2017-37509 // JVNDB: JVNDB-2017-012854

EXTERNAL IDS

db:	NVD	id:	CVE-2017-17140	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-012854	Trust: 0.8
db:	CNVD	id:	CNVD-2017-37509	Trust: 0.6
db:	CNNVD	id:	CNNVD-201712-303	Trust: 0.6

sources: CNVD: CNVD-2017-37509 // JVNDB: JVNDB-2017-012854 // CNNVD: CNNVD-201712-303 // NVD: CVE-2017-17140

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-02-smartphone-en	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17140	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-17140	Trust: 0.8
url:	http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171213-02-smartphone-cn	Trust: 0.6

sources: CNVD: CNVD-2017-37509 // JVNDB: JVNDB-2017-012854 // CNNVD: CNNVD-201712-303 // NVD: CVE-2017-17140

SOURCES

db:	CNVD	id:	CNVD-2017-37509
db:	JVNDB	id:	JVNDB-2017-012854
db:	CNNVD	id:	CNNVD-201712-303
db:	NVD	id:	CVE-2017-17140

LAST UPDATE DATE

2024-11-23T22:22:11.864000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-37509	date:	2017-12-19T00:00:00
db:	JVNDB	id:	JVNDB-2017-012854	date:	2018-04-24T00:00:00
db:	CNNVD	id:	CNNVD-201712-303	date:	2018-03-06T00:00:00
db:	NVD	id:	CVE-2017-17140	date:	2024-11-21T03:17:33.947

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-37509	date:	2017-12-19T00:00:00
db:	JVNDB	id:	JVNDB-2017-012854	date:	2018-04-24T00:00:00
db:	CNNVD	id:	CNNVD-201712-303	date:	2017-12-07T00:00:00
db:	NVD	id:	CVE-2017-17140	date:	2018-03-05T19:29:00.690