Sign-up

ID

VAR-201711-0260


CVE

CVE-2017-2694


TITLE

Huawei HwVmall Software vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2017-010733

DESCRIPTION

The AlarmService component in HwVmall with software earlier than 1.5.2.0 versions has no control over calling permissions, allowing any third party to call. An attacker can construct a malicious application to call it. Consequently, alert music will be played suddenly, compromising user experience. Huawei HwVmall Software contains permission-related vulnerabilities.Information may be tampered with. Huawei HwVmall is prone to a local security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions and cause denial-of-service conditions. Versions prior to HwVmall 1.5.2.0 are vulnerable. Huawei HwVmall is a set of e-commerce platform applications for national services of China Huawei (Huawei). AlarmService component is one of the alarm service components. The vulnerability is due to the fact that the program does not set call permission control, and any third-party application can call it

Trust: 1.98

sources: NVD: CVE-2017-2694 // JVNDB: JVNDB-2017-010733 // BID: 95915 // VULHUB: VHN-110897

AFFECTED PRODUCTS

vendor:huaweimodel:vmallscope:ltversion:1.5.2.0

Trust: 1.0

vendor:huaweimodel:hwvmallscope:ltversion:1.5.2.0

Trust: 0.8

vendor:huaweimodel:hwvmallscope:eqversion:0

Trust: 0.3

vendor:huaweimodel:hwvmallscope:neversion:1.5.2.0

Trust: 0.3

sources: BID: 95915 // JVNDB: JVNDB-2017-010733 // NVD: CVE-2017-2694

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2694
value: LOW

Trust: 1.0

NVD: CVE-2017-2694
value: LOW

Trust: 0.8

CNNVD: CNNVD-201702-250
value: MEDIUM

Trust: 0.6

VULHUB: VHN-110897
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-2694
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-110897
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2694
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-110897 // JVNDB: JVNDB-2017-010733 // CNNVD: CNNVD-201702-250 // NVD: CVE-2017-2694

PROBLEMTYPE DATA

problemtype:CWE-275

Trust: 1.9

sources: VULHUB: VHN-110897 // JVNDB: JVNDB-2017-010733 // NVD: CVE-2017-2694

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-250

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201702-250

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010733

PATCH
title:huawei-sa-20170125-01-vmallurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-vmall-en
Trust: 0.8
title:Huawei Mall security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67641
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-010733 // 
            
            
            
            CNNVD: CNNVD-201702-250

EXTERNAL IDS
db:NVDid:CVE-2017-2694
Trust: 2.8
db:BIDid:95915
Trust: 2.0
db:JVNDBid:JVNDB-2017-010733
Trust: 0.8
db:CNNVDid:CNNVD-201702-250
Trust: 0.7
db:VULHUBid:VHN-110897
Trust: 0.1
sources:
            
            
            VULHUB: VHN-110897 // 
            
            
            
            BID: 95915 // 
            
            
            
            JVNDB: JVNDB-2017-010733 // 
            
            
            
            CNNVD: CNNVD-201702-250 // 
            
            
            
            NVD: CVE-2017-2694

REFERENCES
url:http://www.securityfocus.com/bid/95915
Trust: 1.7
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-vmall-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2694
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2694
Trust: 0.8
url:http://www.huawei.com
Trust: 0.3
url:http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170125-01-vmall-en
Trust: 0.3
sources:
            
            
            VULHUB: VHN-110897 // 
            
            
            
            BID: 95915 // 
            
            
            
            JVNDB: JVNDB-2017-010733 // 
            
            
            
            CNNVD: CNNVD-201702-250 // 
            
            
            
            NVD: CVE-2017-2694

CREDITS
Zhang Qing.
Trust: 0.9
sources:
            
            
            BID: 95915 // 
            
            
            
            CNNVD: CNNVD-201702-250

SOURCES
db:VULHUBid:VHN-110897
db:BIDid:95915
db:JVNDBid:JVNDB-2017-010733
db:CNNVDid:CNNVD-201702-250
db:NVDid:CVE-2017-2694

LAST UPDATE DATE
2025-04-20T23:15:51.855000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-110897date:2017-12-11T00:00:00
db:BIDid:95915date:2017-02-02T00:09:00
db:JVNDBid:JVNDB-2017-010733date:2017-12-21T00:00:00
db:CNNVDid:CNNVD-201702-250date:2017-12-26T00:00:00
db:NVDid:CVE-2017-2694date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-110897date:2017-11-22T00:00:00
db:BIDid:95915date:2017-01-25T00:00:00
db:JVNDBid:JVNDB-2017-010733date:2017-12-21T00:00:00
db:CNNVDid:CNNVD-201702-250date:2017-01-25T00:00:00
db:NVDid:CVE-2017-2694date:2017-11-22T19:29:00.397