Sign-up

ID

VAR-201704-0157


CVE

CVE-2016-8273


TITLE

HiSuite Input validation vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2016-008205 // CNNVD: CNNVD-201704-189

DESCRIPTION

Huawei PC client software HiSuite 4.0.5.300_OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise the PC. HiSuite Contains input validation vulnerabilities and access control vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Huawei HiSuite is a set of mobile phone assistant software for PCs developed by China Huawei (Huawei). There is a security vulnerability in Huawei HiSuite version 4.0.5.300_OVE. An attacker could exploit this vulnerability to implement a man-in-the-middle attack, disrupting or replacing downloaded software packages

Trust: 1.71

sources: NVD: CVE-2016-8273 // JVNDB: JVNDB-2016-008205 // VULHUB: VHN-97093

AFFECTED PRODUCTS

vendor:huaweimodel:hisuitescope:eqversion:4.0.5.300_ove

Trust: 2.4

sources: JVNDB: JVNDB-2016-008205 // NVD: CVE-2016-8273 // CNNVD: CNNVD-201704-189

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2016-8273
value: HIGH

Trust: 1.8

CNNVD: CNNVD-201704-189
value: MEDIUM

Trust: 0.6

VULHUB: VHN-97093
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2016-8273
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-97093
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2016-8273
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-97093 // JVNDB: JVNDB-2016-008205 // NVD: CVE-2016-8273 // CNNVD: CNNVD-201704-189

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-284

Trust: 1.9

sources: VULHUB: VHN-97093 // JVNDB: JVNDB-2016-008205 // NVD: CVE-2016-8273

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201704-189

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201704-189

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2016-8273

PATCH
title:Security Advisory - Multiple Security Vulnerabilities in Huawei HiSuiteurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en
Trust: 0.8
title:Huawei HiSuite Enter the fix for the verification vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=69037
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-008205 // 
            
            
            
            CNNVD: CNNVD-201704-189

EXTERNAL IDS
db:NVDid:CVE-2016-8273
Trust: 2.5
db:JVNDBid:JVNDB-2016-008205
Trust: 0.8
db:CNNVDid:CNNVD-201704-189
Trust: 0.7
db:VULHUBid:VHN-97093
Trust: 0.1
sources:
            
            
            VULHUB: VHN-97093 // 
            
            
            
            JVNDB: JVNDB-2016-008205 // 
            
            
            
            NVD: CVE-2016-8273 // 
            
            
            
            CNNVD: CNNVD-201704-189

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8273
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-8273
Trust: 0.8
sources:
            
            
            VULHUB: VHN-97093 // 
            
            
            
            JVNDB: JVNDB-2016-008205 // 
            
            
            
            NVD: CVE-2016-8273 // 
            
            
            
            CNNVD: CNNVD-201704-189

SOURCES
db:VULHUBid:VHN-97093
db:JVNDBid:JVNDB-2016-008205
db:NVDid:CVE-2016-8273
db:CNNVDid:CNNVD-201704-189

LAST UPDATE DATE
2023-12-18T13:53:04.399000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-97093date:2017-04-05T00:00:00
db:JVNDBid:JVNDB-2016-008205date:2017-05-01T00:00:00
db:NVDid:CVE-2016-8273date:2017-04-05T19:59:33.833
db:CNNVDid:CNNVD-201704-189date:2017-04-06T00:00:00

SOURCES RELEASE DATE
db:VULHUBid:VHN-97093date:2017-04-02T00:00:00
db:JVNDBid:JVNDB-2016-008205date:2017-05-01T00:00:00
db:NVDid:CVE-2016-8273date:2017-04-02T20:59:00.970
db:CNNVDid:CNNVD-201704-189date:2017-04-06T00:00:00