Sign-up

ID

VAR-201711-0991


CVE

CVE-2017-8153


TITLE

Huawei VMall Permissions vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-010811

DESCRIPTION

Huawei VMall (for Android) with the versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send out HTTP requests and execute JavaScript code in web pages without obtaining the Internet access permission. Successful exploit could lead to resource occupation or information leak. Huawei VMall Contains a permission vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. Huawei Vmall for Android is a Huawei Mall application based on the Android platform of China Huawei (Huawei). APK is one of the installers

Trust: 1.71

sources: NVD: CVE-2017-8153 // JVNDB: JVNDB-2017-010811 // VULHUB: VHN-116356

AFFECTED PRODUCTS

vendor:huaweimodel:vmallscope:ltversion:1.5.8.5

Trust: 1.0

vendor:huaweimodel:hwvmallscope:ltversion:1.5.8.5

Trust: 0.8

sources: JVNDB: JVNDB-2017-010811 // NVD: CVE-2017-8153

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-8153
value: HIGH

Trust: 1.0

NVD: CVE-2017-8153
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201711-977
value: MEDIUM

Trust: 0.6

VULHUB: VHN-116356
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-8153
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-116356
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-8153
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-116356 // JVNDB: JVNDB-2017-010811 // CNNVD: CNNVD-201711-977 // NVD: CVE-2017-8153

PROBLEMTYPE DATA

problemtype:CWE-275

Trust: 1.9

sources: VULHUB: VHN-116356 // JVNDB: JVNDB-2017-010811 // NVD: CVE-2017-8153

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-977

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201711-977

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010811

PATCH
title:huawei-sa-20170901-01-smartphoneurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170901-01-smartphone-en
Trust: 0.8
title:Huawei Vmall for Android APK Fixes for permission permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76687
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-010811 // 
            
            
            
            CNNVD: CNNVD-201711-977

EXTERNAL IDS
db:NVDid:CVE-2017-8153
Trust: 2.5
db:JVNDBid:JVNDB-2017-010811
Trust: 0.8
db:CNNVDid:CNNVD-201711-977
Trust: 0.7
db:VULHUBid:VHN-116356
Trust: 0.1
sources:
            
            
            VULHUB: VHN-116356 // 
            
            
            
            JVNDB: JVNDB-2017-010811 // 
            
            
            
            CNNVD: CNNVD-201711-977 // 
            
            
            
            NVD: CVE-2017-8153

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170901-01-smartphone-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8153
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-8153
Trust: 0.8
sources:
            
            
            VULHUB: VHN-116356 // 
            
            
            
            JVNDB: JVNDB-2017-010811 // 
            
            
            
            CNNVD: CNNVD-201711-977 // 
            
            
            
            NVD: CVE-2017-8153

SOURCES
db:VULHUBid:VHN-116356
db:JVNDBid:JVNDB-2017-010811
db:CNNVDid:CNNVD-201711-977
db:NVDid:CVE-2017-8153

LAST UPDATE DATE
2025-04-20T23:42:04.117000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-116356date:2017-12-12T00:00:00
db:JVNDBid:JVNDB-2017-010811date:2017-12-25T00:00:00
db:CNNVDid:CNNVD-201711-977date:2017-11-24T00:00:00
db:NVDid:CVE-2017-8153date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-116356date:2017-11-22T00:00:00
db:JVNDBid:JVNDB-2017-010811date:2017-12-25T00:00:00
db:CNNVDid:CNNVD-201711-977date:2017-11-24T00:00:00
db:NVDid:CVE-2017-8153date:2017-11-22T19:29:03.477