ID

VAR-201711-0975


CVE

CVE-2017-8137


TITLE

Untrusted search path vulnerability in HedEx

Trust: 0.8

sources: JVNDB: JVNDB-2017-010565

DESCRIPTION

HedEx versions earlier than V200R006C00 have a dynamic link library (DLL) hijacking vulnerability because the software calls the DLL file through a relative path. An attacker could exploit this vulnerability to tamper with the DLL file, leading to DLL hijacking. HedEx contains an untrusted search path vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Huawei HedEx Lite is a document management software developed by Huawei in China.

Trust: 1.71

sources: NVD: CVE-2017-8137 // JVNDB: JVNDB-2017-010565 // VULHUB: VHN-116340

AFFECTED PRODUCTS

vendor: huawei, model: hedex lite, scope: lt, version: v200r006c00

Trust: 1.8

sources: JVNDB: JVNDB-2017-010565 // NVD: CVE-2017-8137

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-8137
value: HIGH

Trust: 1.0

NVD: CVE-2017-8137
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201706-043
value: CRITICAL

Trust: 0.6

VULHUB: VHN-116340
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-8137
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-116340
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-8137
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-116340 // JVNDB: JVNDB-2017-010565 // CNNVD: CNNVD-201706-043 // NVD: CVE-2017-8137

PROBLEMTYPE DATA

problemtype: CWE-426

Trust: 1.9

sources: VULHUB: VHN-116340 // JVNDB: JVNDB-2017-010565 // NVD: CVE-2017-8137

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-043

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201706-043

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010565

PATCH

title: huawei-sa-20170601-01-hedex, url: http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170531-01-hedex-en

Trust: 0.8

title: Huawei HedEx Lite Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70671

Trust: 0.6

sources: JVNDB: JVNDB-2017-010565 // CNNVD: CNNVD-201706-043

EXTERNAL IDS

db: NVD, id: CVE-2017-8137

Trust: 2.5

db: JVNDB, id: JVNDB-2017-010565

Trust: 0.8

db: CNNVD, id: CNNVD-201706-043

Trust: 0.7

db: VULHUB, id: VHN-116340

Trust: 0.1

sources: VULHUB: VHN-116340 // JVNDB: JVNDB-2017-010565 // CNNVD: CNNVD-201706-043 // NVD: CVE-2017-8137

REFERENCES

url: http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170531-01-hedex-en

Trust: 1.1

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8137

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-8137

Trust: 0.8

url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-hedex-en

Trust: 0.6

sources: VULHUB: VHN-116340 // JVNDB: JVNDB-2017-010565 // CNNVD: CNNVD-201706-043 // NVD: CVE-2017-8137

SOURCES

db: VULHUB, id: VHN-116340
db: JVNDB, id: JVNDB-2017-010565
db: CNNVD, id: CNNVD-201706-043
db: NVD, id: CVE-2017-8137

LAST UPDATE DATE

2025-04-20T23:24:50.410000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-116340, date: 2017-12-07T00:00:00
db: JVNDB, id: JVNDB-2017-010565, date: 2017-12-19T00:00:00
db: CNNVD, id: CNNVD-201706-043, date: 2017-06-02T00:00:00
db: NVD, id: CVE-2017-8137, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-116340, date: 2017-11-22T00:00:00
db: JVNDB, id: JVNDB-2017-010565, date: 2017-12-19T00:00:00
db: CNNVD, id: CNNVD-201706-043, date: 2017-06-02T00:00:00
db: NVD, id: CVE-2017-8137, date: 2017-11-22T19:29:02.867