Sign-up

ID

VAR-201711-0239


CVE

CVE-2017-2723


TITLE

Huawei Files Information disclosure vulnerability in applications

Trust: 0.8

sources: JVNDB: JVNDB-2017-010748

DESCRIPTION

The Files APP 7.1.1.308 and earlier versions in some Huawei mobile phones has a vulnerability of plaintext storage of users' Safe passwords. An attacker with the root privilege of an Android system could forge the Safe to read users' plaintext Safe passwords, leading to information leak. Huawei Files An application contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei Files APP is a file management application of the Chinese company Huawei (Huawei). The vulnerability stems from the fact that the program stores the user's safe password in plain text

Trust: 1.71

sources: NVD: CVE-2017-2723 // JVNDB: JVNDB-2017-010748 // VULHUB: VHN-110926

AFFECTED PRODUCTS

vendor:huaweimodel:filesscope:lteversion:7.1.1.308

Trust: 1.8

vendor:huaweimodel:filesscope:eqversion:7.1.1.308

Trust: 0.6

sources: JVNDB: JVNDB-2017-010748 // CNNVD: CNNVD-201711-1002 // NVD: CVE-2017-2723

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2723
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-2723
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201711-1002
value: MEDIUM

Trust: 0.6

VULHUB: VHN-110926
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-2723
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-110926
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2723
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-110926 // JVNDB: JVNDB-2017-010748 // CNNVD: CNNVD-201711-1002 // NVD: CVE-2017-2723

PROBLEMTYPE DATA

problemtype:CWE-312

Trust: 1.1

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-110926 // JVNDB: JVNDB-2017-010748 // NVD: CVE-2017-2723

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201711-1002

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201711-1002

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010748

PATCH
title:huawei-sa-20170419-01-filesurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-01-files-en
Trust: 0.8
title:Huawei Files APP Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76712
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-010748 // 
            
            
            
            CNNVD: CNNVD-201711-1002

EXTERNAL IDS
db:NVDid:CVE-2017-2723
Trust: 2.5
db:JVNDBid:JVNDB-2017-010748
Trust: 0.8
db:CNNVDid:CNNVD-201711-1002
Trust: 0.7
db:VULHUBid:VHN-110926
Trust: 0.1
sources:
            
            
            VULHUB: VHN-110926 // 
            
            
            
            JVNDB: JVNDB-2017-010748 // 
            
            
            
            CNNVD: CNNVD-201711-1002 // 
            
            
            
            NVD: CVE-2017-2723

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-01-files-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2723
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2723
Trust: 0.8
sources:
            
            
            VULHUB: VHN-110926 // 
            
            
            
            JVNDB: JVNDB-2017-010748 // 
            
            
            
            CNNVD: CNNVD-201711-1002 // 
            
            
            
            NVD: CVE-2017-2723

SOURCES
db:VULHUBid:VHN-110926
db:JVNDBid:JVNDB-2017-010748
db:CNNVDid:CNNVD-201711-1002
db:NVDid:CVE-2017-2723

LAST UPDATE DATE
2025-04-20T23:15:51.885000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-110926date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-010748date:2017-12-21T00:00:00
db:CNNVDid:CNNVD-201711-1002date:2019-10-23T00:00:00
db:NVDid:CVE-2017-2723date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-110926date:2017-11-22T00:00:00
db:JVNDBid:JVNDB-2017-010748date:2017-12-21T00:00:00
db:CNNVDid:CNNVD-201711-1002date:2017-11-24T00:00:00
db:NVDid:CVE-2017-2723date:2017-11-22T19:29:01.460