Sign-up

ID

VAR-201712-0800


CVE

CVE-2017-15313


TITLE

Huawei SmartCare Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-011594

DESCRIPTION

Huawei SmartCare V200R003C10 has a CSV injection vulnerability. An remote authenticated attacker could inject malicious CSV expression to the affected device. Huawei SmartCare Contains an injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei SmartCare is a set of end-to-end user perception improvement and assurance solutions provided by China's Huawei (Huawei), which is used to improve customer experience in the telecommunications field

Trust: 1.71

sources: NVD: CVE-2017-15313 // JVNDB: JVNDB-2017-011594 // VULHUB: VHN-106123

AFFECTED PRODUCTS

vendor:huaweimodel:smartcarescope:eqversion:v200r003c10

Trust: 2.4

sources: JVNDB: JVNDB-2017-011594 // CNNVD: CNNVD-201710-463 // NVD: CVE-2017-15313

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-15313
value: HIGH

Trust: 1.0

NVD: CVE-2017-15313
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201710-463
value: MEDIUM

Trust: 0.6

VULHUB: VHN-106123
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-15313
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-106123
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-15313
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-106123 // JVNDB: JVNDB-2017-011594 // CNNVD: CNNVD-201710-463 // NVD: CVE-2017-15313

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.9

sources: VULHUB: VHN-106123 // JVNDB: JVNDB-2017-011594 // NVD: CVE-2017-15313

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-463

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201710-463

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-011594

PATCH
title:huawei-sn-20171201-01-smartcare-enurl:http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171201-01-smartcare-en
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-011594

EXTERNAL IDS
db:NVDid:CVE-2017-15313
Trust: 2.5
db:JVNDBid:JVNDB-2017-011594
Trust: 0.8
db:CNNVDid:CNNVD-201710-463
Trust: 0.7
db:VULHUBid:VHN-106123
Trust: 0.1
sources:
            
            
            VULHUB: VHN-106123 // 
            
            
            
            JVNDB: JVNDB-2017-011594 // 
            
            
            
            CNNVD: CNNVD-201710-463 // 
            
            
            
            NVD: CVE-2017-15313

REFERENCES
url:http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171201-01-smartcare-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15313
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-15313
Trust: 0.8
sources:
            
            
            VULHUB: VHN-106123 // 
            
            
            
            JVNDB: JVNDB-2017-011594 // 
            
            
            
            CNNVD: CNNVD-201710-463 // 
            
            
            
            NVD: CVE-2017-15313

SOURCES
db:VULHUBid:VHN-106123
db:JVNDBid:JVNDB-2017-011594
db:CNNVDid:CNNVD-201710-463
db:NVDid:CVE-2017-15313

LAST UPDATE DATE
2025-04-20T23:37:41.989000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-106123date:2018-01-05T00:00:00
db:JVNDBid:JVNDB-2017-011594date:2018-01-22T00:00:00
db:CNNVDid:CNNVD-201710-463date:2017-12-25T00:00:00
db:NVDid:CVE-2017-15313date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-106123date:2017-12-22T00:00:00
db:JVNDBid:JVNDB-2017-011594date:2018-01-22T00:00:00
db:CNNVDid:CNNVD-201710-463date:2017-10-17T00:00:00
db:NVDid:CVE-2017-15313date:2017-12-22T17:29:13.143