Sign-up

ID

VAR-201711-1031


CVE

CVE-2017-8216


TITLE

Warsaw Huawei Vulnerabilities related to authorization, authority, and access control in smartphone software

Trust: 0.8

sources: JVNDB: JVNDB-2017-010744

DESCRIPTION

Warsaw Huawei Smart phones with software of versions earlier than Warsaw-AL00C00B180, versions earlier than Warsaw-TL10C01B180 have a permission control vulnerability. Due to improper authorization on specific processes, an attacker with the root privilege of a mobile Android system can exploit this vulnerability to obtain some information of the user. .Information may be obtained. Huaweinova Youth Edition is the smartphone device of China Huawei. Huaweinova Youth Edition has a privilege escalation vulnerability. Huawei Smart Phones are prone to a local security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks

Trust: 2.43

sources: NVD: CVE-2017-8216 // JVNDB: JVNDB-2017-010744 // CNVD: CNVD-2017-12111 // BID: 102190

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-12111

AFFECTED PRODUCTS

vendor:huaweimodel:p10 litescope:ltversion:warsaw-al00c00b180

Trust: 1.0

vendor:huaweimodel:p10 litescope:ltversion:warsaw-tl10c01b180

Trust: 1.0

vendor:huaweimodel:warsawscope:ltversion:(warsaw-al00c00b180 )

Trust: 0.8

vendor:huaweimodel:warsawscope:ltversion:(warsaw-tl10c01b180 )

Trust: 0.8

vendor:huaweimodel:nova youth edition <=warsaw-al00c00b180scope: - version: -

Trust: 0.6

vendor:huaweimodel:nova youth edition <=warsaw-tl10c01b180scope: - version: -

Trust: 0.6

vendor:huaweimodel:warsawscope:eqversion:0

Trust: 0.3

vendor:huaweimodel:warsaw tl10c01b180scope:neversion: -

Trust: 0.3

vendor:huaweimodel:warsaw al00c00b180scope:neversion: -

Trust: 0.3

sources: CNVD: CNVD-2017-12111 // BID: 102190 // JVNDB: JVNDB-2017-010744 // NVD: CVE-2017-8216

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-8216
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-8216
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-12111
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201711-929
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2017-8216
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-12111
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-8216
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-12111 // JVNDB: JVNDB-2017-010744 // CNNVD: CNNVD-201711-929 // NVD: CVE-2017-8216

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.0

problemtype:CWE-264

Trust: 0.8

sources: JVNDB: JVNDB-2017-010744 // NVD: CVE-2017-8216

THREAT TYPE

local

Trust: 0.9

sources: BID: 102190 // CNNVD: CNNVD-201711-929

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201711-929

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010744

PATCH
title:huawei-sa-20170614-01-smartphoneurl:http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170614-01-smartphone-en
Trust: 0.8
title:Huaweinova Youth Edition Mobile Rights Boost Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/96680
Trust: 0.6
title:Huawei nova Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76639
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-12111 // 
            
            
            
            JVNDB: JVNDB-2017-010744 // 
            
            
            
            CNNVD: CNNVD-201711-929

EXTERNAL IDS
db:NVDid:CVE-2017-8216
Trust: 3.3
db:BIDid:102190
Trust: 1.9
db:JVNDBid:JVNDB-2017-010744
Trust: 0.8
db:CNVDid:CNVD-2017-12111
Trust: 0.6
db:CNNVDid:CNNVD-201711-929
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-12111 // 
            
            
            
            BID: 102190 // 
            
            
            
            JVNDB: JVNDB-2017-010744 // 
            
            
            
            CNNVD: CNNVD-201711-929 // 
            
            
            
            NVD: CVE-2017-8216

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170614-01-smartphone-en
Trust: 1.9
url:http://www.securityfocus.com/bid/102190
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8216
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-8216
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170614-01-smartphone-cn
Trust: 0.6
url:http://www.huawei.com
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-12111 // 
            
            
            
            BID: 102190 // 
            
            
            
            JVNDB: JVNDB-2017-010744 // 
            
            
            
            CNNVD: CNNVD-201711-929 // 
            
            
            
            NVD: CVE-2017-8216

CREDITS
Wen Guanxing of Pangu lab.
Trust: 0.3
sources:
            
            
            BID: 102190

SOURCES
db:CNVDid:CNVD-2017-12111
db:BIDid:102190
db:JVNDBid:JVNDB-2017-010744
db:CNNVDid:CNNVD-201711-929
db:NVDid:CVE-2017-8216

LAST UPDATE DATE
2025-04-20T23:35:40.285000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-12111date:2017-06-30T00:00:00
db:BIDid:102190date:2017-12-19T21:01:00
db:JVNDBid:JVNDB-2017-010744date:2017-12-21T00:00:00
db:CNNVDid:CNNVD-201711-929date:2020-10-22T00:00:00
db:NVDid:CVE-2017-8216date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-12111date:2017-06-28T00:00:00
db:BIDid:102190date:2017-06-14T00:00:00
db:JVNDBid:JVNDB-2017-010744date:2017-12-21T00:00:00
db:CNNVDid:CNNVD-201711-929date:2017-11-24T00:00:00
db:NVDid:CVE-2017-8216date:2017-11-22T19:29:05.647