Sign-up

ID

VAR-201711-0224


CVE

CVE-2017-2708


TITLE

Nice Vulnerabilities related to authorization, authority, and access control in smartphone software

Trust: 0.8

sources: JVNDB: JVNDB-2017-010795

DESCRIPTION

The 'Find Phone' function in Nice smartphones with software versions earlier before Nice-AL00C00B0135 has an authentication bypass vulnerability. An unauthenticated attacker may wipe and factory reset the phone by special steps. Due to missing authentication of the 'Find Phone' function, an attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally. Nice Smartphone software contains vulnerabilities related to authorization, permissions, and access control.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiNice is a smartphone from China's Huawei company. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. Versions prior to Nice AL00C00B0135 are vulnerable

Trust: 2.52

sources: NVD: CVE-2017-2708 // JVNDB: JVNDB-2017-010795 // CNVD: CNVD-2017-01537 // BID: 95911 // VULMON: CVE-2017-2708

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-01537

AFFECTED PRODUCTS

vendor:huaweimodel:nicescope:ltversion:nice-al00c00b0135

Trust: 1.8

vendor:huaweimodel:nicescope:eqversion:0

Trust: 0.9

vendor:huaweimodel:nice al00c00b0135scope:neversion: -

Trust: 0.3

sources: CNVD: CNVD-2017-01537 // BID: 95911 // JVNDB: JVNDB-2017-010795 // NVD: CVE-2017-2708

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2708
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-2708
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-01537
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201702-251
value: MEDIUM

Trust: 0.6

VULMON: CVE-2017-2708
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-2708
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-01537
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-2708
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-01537 // VULMON: CVE-2017-2708 // JVNDB: JVNDB-2017-010795 // CNNVD: CNNVD-201702-251 // NVD: CVE-2017-2708

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.0

problemtype:CWE-264

Trust: 0.8

sources: JVNDB: JVNDB-2017-010795 // NVD: CVE-2017-2708

THREAT TYPE

local

Trust: 0.9

sources: BID: 95911 // CNNVD: CNNVD-201702-251

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201702-251

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010795

PATCH
title:huawei-sa-20170125-01-smartphoneurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-smartphone-en
Trust: 0.8
title:HuaweiSmartPhones local authentication bypass vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/89480
Trust: 0.6
title:Huawei mobile phone security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67642
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-01537 // 
            
            
            
            JVNDB: JVNDB-2017-010795 // 
            
            
            
            CNNVD: CNNVD-201702-251

EXTERNAL IDS
db:NVDid:CVE-2017-2708
Trust: 3.4
db:BIDid:95911
Trust: 2.6
db:JVNDBid:JVNDB-2017-010795
Trust: 0.8
db:CNVDid:CNVD-2017-01537
Trust: 0.6
db:CNNVDid:CNNVD-201702-251
Trust: 0.6
db:VULMONid:CVE-2017-2708
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-01537 // 
            
            
            
            VULMON: CVE-2017-2708 // 
            
            
            
            BID: 95911 // 
            
            
            
            JVNDB: JVNDB-2017-010795 // 
            
            
            
            CNNVD: CNNVD-201702-251 // 
            
            
            
            NVD: CVE-2017-2708

REFERENCES
url:http://www.securityfocus.com/bid/95911
Trust: 2.4
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-smartphone-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2708
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2708
Trust: 0.8
url:http://www.huawei.com/en/
Trust: 0.3
url:http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170125-01-smartphone-en
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/306.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-01537 // 
            
            
            
            VULMON: CVE-2017-2708 // 
            
            
            
            BID: 95911 // 
            
            
            
            JVNDB: JVNDB-2017-010795 // 
            
            
            
            CNNVD: CNNVD-201702-251 // 
            
            
            
            NVD: CVE-2017-2708

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 95911

SOURCES
db:CNVDid:CNVD-2017-01537
db:VULMONid:CVE-2017-2708
db:BIDid:95911
db:JVNDBid:JVNDB-2017-010795
db:CNNVDid:CNNVD-201702-251
db:NVDid:CVE-2017-2708

LAST UPDATE DATE
2025-04-20T23:29:32.143000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-01537date:2017-02-18T00:00:00
db:VULMONid:CVE-2017-2708date:2019-10-03T00:00:00
db:BIDid:95911date:2017-02-02T02:05:00
db:JVNDBid:JVNDB-2017-010795date:2017-12-25T00:00:00
db:CNNVDid:CNNVD-201702-251date:2019-10-23T00:00:00
db:NVDid:CVE-2017-2708date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-01537date:2017-02-20T00:00:00
db:VULMONid:CVE-2017-2708date:2017-11-22T00:00:00
db:BIDid:95911date:2017-01-25T00:00:00
db:JVNDBid:JVNDB-2017-010795date:2017-12-25T00:00:00
db:CNNVDid:CNNVD-201702-251date:2017-01-25T00:00:00
db:NVDid:CVE-2017-2708date:2017-11-22T19:29:00.867