Details of VAR-201711-0947

ID

VAR-201711-0947

CVE

CVE-2017-8185

TITLE

ME906s-158 Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2017-010738

DESCRIPTION

ME906s-158 earlier than ME906S_Installer_13.1805.10.3 versions has a privilege elevation vulnerability. An attacker could exploit this vulnerability to modify the configuration information containing malicious files and trick users into executing the files, resulting in the execution of arbitrary code. ME906s-158 Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiME906S-158 is a notebook computer from Huawei. Huawei ME906S Products are prone to a local privilege-escalation vulnerability. Local attackers may exploit this issue to gain elevated privileges

Trust: 2.43

sources: NVD: CVE-2017-8185 // JVNDB: JVNDB-2017-010738 // CNVD: CNVD-2017-34438 // BID: 102473

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-34438

AFFECTED PRODUCTS

vendor:	huawei	model:	me906s-158	scope:	lt	version:	me906s_installer_13.1805.10.3	Trust: 1.8
vendor:	huawei	model:	me906s-158	scope:	lt	version:	13.1805.10.3	Trust: 0.6
vendor:	huawei	model:	me906s-158	scope:	eq	version:	0	Trust: 0.3
vendor:	huawei	model:	me906s-158	scope:	ne	version:	13.1805.10.3	Trust: 0.3

sources: CNVD: CNVD-2017-34438 // BID: 102473 // JVNDB: JVNDB-2017-010738 // NVD: CVE-2017-8185

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-8185
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-8185
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-34438
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201711-952
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2017-8185
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-34438
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-8185
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-34438 // JVNDB: JVNDB-2017-010738 // CNNVD: CNNVD-201711-952 // NVD: CVE-2017-8185

PROBLEMTYPE DATA

problemtype:	CWE-668	Trust: 1.0
problemtype:	CWE-264	Trust: 0.8

sources: JVNDB: JVNDB-2017-010738 // NVD: CVE-2017-8185

THREAT TYPE

local

Trust: 0.9

sources: BID: 102473 // CNNVD: CNNVD-201711-952

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201711-952

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010738

PATCH

title:	huawei-sa-20170927-01-me906s	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170927-01-me906s-en	Trust: 0.8
title:	HuaweiME906S privilege escalation vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/106327	Trust: 0.6
title:	Huawei ME906s-158 Fixes for permission permissions and access control vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76662	Trust: 0.6

sources: CNVD: CNVD-2017-34438 // JVNDB: JVNDB-2017-010738 // CNNVD: CNNVD-201711-952

EXTERNAL IDS

db:	NVD	id:	CVE-2017-8185	Trust: 3.3
db:	JVNDB	id:	JVNDB-2017-010738	Trust: 0.8
db:	CNVD	id:	CNVD-2017-34438	Trust: 0.6
db:	CNNVD	id:	CNNVD-201711-952	Trust: 0.6
db:	BID	id:	102473	Trust: 0.3

sources: CNVD: CNVD-2017-34438 // BID: 102473 // JVNDB: JVNDB-2017-010738 // CNNVD: CNNVD-201711-952 // NVD: CVE-2017-8185

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170927-01-me906s-en	Trust: 1.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8185	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8185	Trust: 0.8
url:	http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170927-01-me906s-cn	Trust: 0.6
url:	http://www.huawei.com/en/	Trust: 0.3

sources: CNVD: CNVD-2017-34438 // BID: 102473 // JVNDB: JVNDB-2017-010738 // CNNVD: CNNVD-201711-952 // NVD: CVE-2017-8185

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 102473

SOURCES

db:	CNVD	id:	CNVD-2017-34438
db:	BID	id:	102473
db:	JVNDB	id:	JVNDB-2017-010738
db:	CNNVD	id:	CNNVD-201711-952
db:	NVD	id:	CVE-2017-8185

LAST UPDATE DATE

2025-04-20T23:35:40.391000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-34438	date:	2017-11-17T00:00:00
db:	BID	id:	102473	date:	2017-11-22T00:00:00
db:	JVNDB	id:	JVNDB-2017-010738	date:	2017-12-21T00:00:00
db:	CNNVD	id:	CNNVD-201711-952	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-8185	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-34438	date:	2017-11-17T00:00:00
db:	BID	id:	102473	date:	2017-11-22T00:00:00
db:	JVNDB	id:	JVNDB-2017-010738	date:	2017-12-21T00:00:00
db:	CNNVD	id:	CNNVD-201711-952	date:	2017-11-23T00:00:00
db:	NVD	id:	CVE-2017-8185	date:	2017-11-22T19:29:04.490