Sign-up

ID

VAR-201711-0219


CVE

CVE-2017-2703


TITLE

Mate 9 and P9 Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2017-010793

DESCRIPTION

Phone Finder in versions earlier before MHA-AL00BC00B156,Versions earlier before MHA-CL00BC00B156,Versions earlier before MHA-DL00BC00B156,Versions earlier before MHA-TL00BC00B156,Versions earlier before EVA-AL10C00B373,Versions earlier before EVA-CL10C00B373,Versions earlier before EVA-DL10C00B373,Versions earlier before EVA-TL10C00B373 can be bypass. An attacker can bypass the Phone Finder by special steps and enter the System Setting. Mate 9 and P9 Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. huaweiMate9 and P9 are the smartphones of China's Huawei company. Huawei's mobile phone has a retrieving function security bypass vulnerability. Huawei Smart Phones are prone to a security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions and cause denial-of-service conditions. The following versions are affected: Huawei Mate 9 versions prior to MHA-AL00BC00B156, versions prior to MHA-CL00BC00B156, versions prior to MHA-DL00BC00B156, versions prior to MHA-TL00BC00B156; versions prior to P9 EVA-AL10C00B373, versions prior to EVA-CL10C00B373 , the version before EVA-DL10C00B373, the version before EVA-TL10C00B373

Trust: 2.52

sources: NVD: CVE-2017-2703 // JVNDB: JVNDB-2017-010793 // CNVD: CNVD-2017-00658 // BID: 95657 // VULHUB: VHN-110906

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-00658

AFFECTED PRODUCTS

vendor:huaweimodel:mate 9scope:ltversion:mha-al00bc00b156

Trust: 1.8

vendor:huaweimodel:mate 9scope:ltversion:mha-cl00bc00b156

Trust: 1.8

vendor:huaweimodel:mate 9scope:ltversion:mha-dl00bc00b156

Trust: 1.8

vendor:huaweimodel:mate 9scope:ltversion:mha-tl00bc00b156

Trust: 1.8

vendor:huaweimodel:p9scope:ltversion:eva-al10c00b373

Trust: 1.8

vendor:huaweimodel:p9scope:ltversion:eva-cl10c00b373

Trust: 1.8

vendor:huaweimodel:p9scope:ltversion:eva-dl10c00b373

Trust: 1.8

vendor:huaweimodel:p9scope:ltversion:eva-tl10c00b373

Trust: 1.8

vendor:huaweimodel:mate <mha-al00bc00b156scope:eqversion:9

Trust: 0.6

vendor:huaweimodel:mate <mha-cl00bc00b156scope:eqversion:9

Trust: 0.6

vendor:huaweimodel:mate <mha-dl00bc00b156scope:eqversion:9

Trust: 0.6

vendor:huaweimodel:mate <mha-tl00bc00b156scope:eqversion:9

Trust: 0.6

vendor:huaweimodel:p9 <eva-al10c00b373scope: - version: -

Trust: 0.6

vendor:huaweimodel:p9 <eva-cl10c00b373scope: - version: -

Trust: 0.6

vendor:huaweimodel:p9 <eva-dl10c00b373scope: - version: -

Trust: 0.6

vendor:huaweimodel:p9 <eva-tl10c00b373scope: - version: -

Trust: 0.6

vendor:huaweimodel:p9scope:eqversion:0

Trust: 0.3

vendor:huaweimodel:matescope:eqversion:90

Trust: 0.3

vendor:huaweimodel:p9 eva-tl10c00b373scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p9 eva-dl10c00b373scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p9 eva-cl10c00b373scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p9 eva-al10c00b373scope:neversion: -

Trust: 0.3

vendor:huaweimodel:mate mha-tl00bc00b156scope:neversion:9

Trust: 0.3

vendor:huaweimodel:mate mha-dl00bc00b156scope:neversion:9

Trust: 0.3

vendor:huaweimodel:mate mha-cl00bc00b156scope:neversion:9

Trust: 0.3

vendor:huaweimodel:mate mha-al00bc00b156scope:neversion:9

Trust: 0.3

sources: CNVD: CNVD-2017-00658 // BID: 95657 // JVNDB: JVNDB-2017-010793 // NVD: CVE-2017-2703

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2703
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-2703
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-00658
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201701-770
value: MEDIUM

Trust: 0.6

VULHUB: VHN-110906
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-2703
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-00658
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-110906
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2703
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-00658 // VULHUB: VHN-110906 // JVNDB: JVNDB-2017-010793 // CNNVD: CNNVD-201701-770 // NVD: CVE-2017-2703

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-110906 // JVNDB: JVNDB-2017-010793 // NVD: CVE-2017-2703

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201701-770

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201701-770

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010793

PATCH
title:huawei-sa-20170118-05-smartphoneurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-05-smartphone-en
Trust: 0.8
title:Huawei mobile phone to retrieve the patch that functionally bypasses the vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/88417
Trust: 0.6
title:Huawei Mate 9  and P9 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67329
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-00658 // 
            
            
            
            JVNDB: JVNDB-2017-010793 // 
            
            
            
            CNNVD: CNNVD-201701-770

EXTERNAL IDS
db:NVDid:CVE-2017-2703
Trust: 3.4
db:BIDid:95657
Trust: 2.0
db:JVNDBid:JVNDB-2017-010793
Trust: 0.8
db:CNNVDid:CNNVD-201701-770
Trust: 0.7
db:CNVDid:CNVD-2017-00658
Trust: 0.6
db:VULHUBid:VHN-110906
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-00658 // 
            
            
            
            VULHUB: VHN-110906 // 
            
            
            
            BID: 95657 // 
            
            
            
            JVNDB: JVNDB-2017-010793 // 
            
            
            
            CNNVD: CNNVD-201701-770 // 
            
            
            
            NVD: CVE-2017-2703

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-05-smartphone-en
Trust: 2.0
url:http://www.securityfocus.com/bid/95657
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2703
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2703
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170118-05-smartphone-cn
Trust: 0.6
url:http://www.huawei.com
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-00658 // 
            
            
            
            VULHUB: VHN-110906 // 
            
            
            
            BID: 95657 // 
            
            
            
            JVNDB: JVNDB-2017-010793 // 
            
            
            
            CNNVD: CNNVD-201701-770 // 
            
            
            
            NVD: CVE-2017-2703

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 95657

SOURCES
db:CNVDid:CNVD-2017-00658
db:VULHUBid:VHN-110906
db:BIDid:95657
db:JVNDBid:JVNDB-2017-010793
db:CNNVDid:CNNVD-201701-770
db:NVDid:CVE-2017-2703

LAST UPDATE DATE
2025-04-20T23:25:55.149000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-00658date:2017-01-20T00:00:00
db:VULHUBid:VHN-110906date:2019-10-03T00:00:00
db:BIDid:95657date:2017-01-23T00:12:00
db:JVNDBid:JVNDB-2017-010793date:2017-12-25T00:00:00
db:CNNVDid:CNNVD-201701-770date:2019-10-23T00:00:00
db:NVDid:CVE-2017-2703date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-00658date:2017-01-20T00:00:00
db:VULHUBid:VHN-110906date:2017-11-22T00:00:00
db:BIDid:95657date:2017-01-18T00:00:00
db:JVNDBid:JVNDB-2017-010793date:2017-12-25T00:00:00
db:CNNVDid:CNNVD-201701-770date:2017-01-20T00:00:00
db:NVDid:CVE-2017-2703date:2017-11-22T19:29:00.693