Sign-up

ID

VAR-201711-0231


CVE

CVE-2017-2715


TITLE

Huawei Smartphone Files Information disclosure vulnerability in applications

Trust: 0.8

sources: JVNDB: JVNDB-2017-010753

DESCRIPTION

The Files APP 7.1.1.309 and earlier versions in some Huawei mobile phones has a brute-force password cracking vulnerability due to the improper design of the Safe key database. An unauthorized attacker could access sensitive database information and may crack users' Safe passwords, leading to information leak. Huawei Smartphone Files An application contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei Files APP is a file management application of the Chinese company Huawei (Huawei)

Trust: 1.71

sources: NVD: CVE-2017-2715 // JVNDB: JVNDB-2017-010753 // VULHUB: VHN-110918

AFFECTED PRODUCTS

vendor:huaweimodel:filesscope:lteversion:7.1.1.309

Trust: 1.8

vendor:huaweimodel:filesscope:eqversion:7.1.1.309

Trust: 0.6

sources: JVNDB: JVNDB-2017-010753 // CNNVD: CNNVD-201711-1009 // NVD: CVE-2017-2715

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2715
value: HIGH

Trust: 1.0

NVD: CVE-2017-2715
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201711-1009
value: LOW

Trust: 0.6

VULHUB: VHN-110918
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-2715
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-110918
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2715
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-110918 // JVNDB: JVNDB-2017-010753 // CNNVD: CNNVD-201711-1009 // NVD: CVE-2017-2715

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-110918 // JVNDB: JVNDB-2017-010753 // NVD: CVE-2017-2715

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201711-1009

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201711-1009

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010753

PATCH
title:huawei-sa-20170425-01-filesurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170425-01-files-en
Trust: 0.8
title:Huawei Files APP Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76719
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-010753 // 
            
            
            
            CNNVD: CNNVD-201711-1009

EXTERNAL IDS
db:NVDid:CVE-2017-2715
Trust: 2.5
db:JVNDBid:JVNDB-2017-010753
Trust: 0.8
db:CNNVDid:CNNVD-201711-1009
Trust: 0.7
db:VULHUBid:VHN-110918
Trust: 0.1
sources:
            
            
            VULHUB: VHN-110918 // 
            
            
            
            JVNDB: JVNDB-2017-010753 // 
            
            
            
            CNNVD: CNNVD-201711-1009 // 
            
            
            
            NVD: CVE-2017-2715

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170425-01-files-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2715
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2715
Trust: 0.8
sources:
            
            
            VULHUB: VHN-110918 // 
            
            
            
            JVNDB: JVNDB-2017-010753 // 
            
            
            
            CNNVD: CNNVD-201711-1009 // 
            
            
            
            NVD: CVE-2017-2715

SOURCES
db:VULHUBid:VHN-110918
db:JVNDBid:JVNDB-2017-010753
db:CNNVDid:CNNVD-201711-1009
db:NVDid:CVE-2017-2715

LAST UPDATE DATE
2025-04-20T23:19:45.180000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-110918date:2017-12-11T00:00:00
db:JVNDBid:JVNDB-2017-010753date:2017-12-21T00:00:00
db:CNNVDid:CNNVD-201711-1009date:2017-11-24T00:00:00
db:NVDid:CVE-2017-2715date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-110918date:2017-11-22T00:00:00
db:JVNDBid:JVNDB-2017-010753date:2017-12-21T00:00:00
db:CNNVDid:CNNVD-201711-1009date:2017-11-24T00:00:00
db:NVDid:CVE-2017-2715date:2017-11-22T19:29:01.117