Sign-up

ID

VAR-201704-0156


CVE

CVE-2016-8272


TITLE

HiSuite Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2016-008204

DESCRIPTION

Huawei PC client software HiSuite 4.0.5.300_OVE has an information leak vulnerability; an attacker who can log in to the system can copy out the user's proxy password, causing information leaks. HiSuite Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Huawei HiSuite is a set of mobile phone assistant software for PCs developed by China Huawei (Huawei). An information disclosure vulnerability exists in Huawei HiSuite version 4.0.5.300_OVE. The vulnerability stems from the fact that the copy function is not disabled in the password box on the proxy settings interface

Trust: 1.71

sources: NVD: CVE-2016-8272 // JVNDB: JVNDB-2016-008204 // VULHUB: VHN-97092

AFFECTED PRODUCTS

vendor:huaweimodel:hisuitescope:eqversion:4.0.5.300_ove

Trust: 2.4

sources: JVNDB: JVNDB-2016-008204 // NVD: CVE-2016-8272 // CNNVD: CNNVD-201704-190

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2016-8272
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-201704-190
value: LOW

Trust: 0.6

VULHUB: VHN-97092
value: LOW

Trust: 0.1

NVD:
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2016-8272
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-97092
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 3.4
version: 3.0

Trust: 1.0

NVD: CVE-2016-8272
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-97092 // JVNDB: JVNDB-2016-008204 // NVD: CVE-2016-8272 // CNNVD: CNNVD-201704-190

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-97092 // JVNDB: JVNDB-2016-008204 // NVD: CVE-2016-8272

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201704-190

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201704-190

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2016-8272

PATCH
title:Security Advisory - Multiple Security Vulnerabilities in Huawei HiSuiteurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en
Trust: 0.8
title:Huawei HiSuite Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=69038
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-008204 // 
            
            
            
            CNNVD: CNNVD-201704-190

EXTERNAL IDS
db:NVDid:CVE-2016-8272
Trust: 2.5
db:JVNDBid:JVNDB-2016-008204
Trust: 0.8
db:CNNVDid:CNNVD-201704-190
Trust: 0.7
db:VULHUBid:VHN-97092
Trust: 0.1
sources:
            
            
            VULHUB: VHN-97092 // 
            
            
            
            JVNDB: JVNDB-2016-008204 // 
            
            
            
            NVD: CVE-2016-8272 // 
            
            
            
            CNNVD: CNNVD-201704-190

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8272
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-8272
Trust: 0.8
sources:
            
            
            VULHUB: VHN-97092 // 
            
            
            
            JVNDB: JVNDB-2016-008204 // 
            
            
            
            NVD: CVE-2016-8272 // 
            
            
            
            CNNVD: CNNVD-201704-190

SOURCES
db:VULHUBid:VHN-97092
db:JVNDBid:JVNDB-2016-008204
db:NVDid:CVE-2016-8272
db:CNNVDid:CNNVD-201704-190

LAST UPDATE DATE
2023-12-18T12:37:29.971000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-97092date:2017-04-05T00:00:00
db:JVNDBid:JVNDB-2016-008204date:2017-05-01T00:00:00
db:NVDid:CVE-2016-8272date:2017-04-05T19:03:05.073
db:CNNVDid:CNNVD-201704-190date:2017-04-06T00:00:00

SOURCES RELEASE DATE
db:VULHUBid:VHN-97092date:2017-04-02T00:00:00
db:JVNDBid:JVNDB-2016-008204date:2017-05-01T00:00:00
db:NVDid:CVE-2016-8272date:2017-04-02T20:59:00.937
db:CNNVDid:CNNVD-201704-190date:2017-04-06T00:00:00