Sign-up

ID

VAR-201704-0158


CVE

CVE-2016-8274


TITLE

HiSuite Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-008206

DESCRIPTION

Huawei PC client software HiSuite 4.0.5.300_OVE has a dynamic link library (DLL) hijack vulnerability; an attacker can make the system load malicious DLL files to execute arbitrary code. HiSuite Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Huawei HiSuite is a set of mobile phone assistant software for PCs developed by China Huawei (Huawei). There is a DLL hijacking vulnerability in Huawei HiSuite version 4.0.5.300_OVE. The vulnerability stems from the program's lack of checking of loaded system DLL files

Trust: 1.71

sources: NVD: CVE-2016-8274 // JVNDB: JVNDB-2016-008206 // VULHUB: VHN-97094

AFFECTED PRODUCTS

vendor:huaweimodel:hisuitescope:eqversion:4.0.5.300_ove

Trust: 2.4

sources: JVNDB: JVNDB-2016-008206 // NVD: CVE-2016-8274 // CNNVD: CNNVD-201704-188

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2016-8274
value: HIGH

Trust: 1.8

CNNVD: CNNVD-201704-188
value: HIGH

Trust: 0.6

VULHUB: VHN-97094
value: HIGH

Trust: 0.1

NVD:
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2016-8274
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-97094
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2016-8274
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-97094 // JVNDB: JVNDB-2016-008206 // NVD: CVE-2016-8274 // CNNVD: CNNVD-201704-188

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.9

sources: VULHUB: VHN-97094 // JVNDB: JVNDB-2016-008206 // NVD: CVE-2016-8274

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201704-188

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201704-188

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2016-8274

PATCH
title:Security Advisory - Multiple Security Vulnerabilities in Huawei HiSuiteurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en
Trust: 0.8
title:Huawei HiSuite Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=69036
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-008206 // 
            
            
            
            CNNVD: CNNVD-201704-188

EXTERNAL IDS
db:NVDid:CVE-2016-8274
Trust: 2.5
db:JVNDBid:JVNDB-2016-008206
Trust: 0.8
db:CNNVDid:CNNVD-201704-188
Trust: 0.7
db:VULHUBid:VHN-97094
Trust: 0.1
sources:
            
            
            VULHUB: VHN-97094 // 
            
            
            
            JVNDB: JVNDB-2016-008206 // 
            
            
            
            NVD: CVE-2016-8274 // 
            
            
            
            CNNVD: CNNVD-201704-188

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8274
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-8274
Trust: 0.8
sources:
            
            
            VULHUB: VHN-97094 // 
            
            
            
            JVNDB: JVNDB-2016-008206 // 
            
            
            
            NVD: CVE-2016-8274 // 
            
            
            
            CNNVD: CNNVD-201704-188

SOURCES
db:VULHUBid:VHN-97094
db:JVNDBid:JVNDB-2016-008206
db:NVDid:CVE-2016-8274
db:CNNVDid:CNNVD-201704-188

LAST UPDATE DATE
2023-12-18T13:14:23.364000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-97094date:2017-04-05T00:00:00
db:JVNDBid:JVNDB-2016-008206date:2017-05-01T00:00:00
db:NVDid:CVE-2016-8274date:2017-04-05T18:11:31.807
db:CNNVDid:CNNVD-201704-188date:2017-04-06T00:00:00

SOURCES RELEASE DATE
db:VULHUBid:VHN-97094date:2017-04-02T00:00:00
db:JVNDBid:JVNDB-2016-008206date:2017-05-01T00:00:00
db:NVDid:CVE-2016-8274date:2017-04-02T20:59:01.017
db:CNNVDid:CNNVD-201704-188date:2017-04-06T00:00:00