ID

VAR-201803-0165


CVE

CVE-2017-17280


TITLE

Huawei Information disclosure vulnerability in smartphone software

Trust: 0.8

sources: JVNDB: JVNDB-2017-012829

DESCRIPTION

The NFC (Near Field Communication) module in Huawei mobile phones with software LON-AL00BC00 has an information leak vulnerability. The attacker has to trick a user into performing some specific operations and then craft the NFC message to exploit this vulnerability. A successful exploit will cause some information leak. Huawei smartphone software contains an information disclosure vulnerability. Information may be obtained. Huawei Mate 9 Pro is a smartphone from Huawei. Multiple Huawei products are prone to an information-disclosure vulnerability. Remote attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Huawei LON-AL00B is a smartphone product of the Chinese company Huawei. Bluetooth module is one of the Bluetooth modules

Trust: 2.52

sources: NVD: CVE-2017-17280 // JVNDB: JVNDB-2017-012829 // CNVD: CNVD-2018-04769 // BID: 103690 // VULHUB: VHN-108287

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-04769

AFFECTED PRODUCTS

vendor: huawei, model: lon-al00b, scope: eq, version: lon-al00bc00

Trust: 1.6

vendor: huawei, model: lon-al00b, scope: -, version: -

Trust: 0.8

vendor: huawei, model: lon-al00b <lon-al00bc00, scope: -, version: -

Trust: 0.6

vendor: huawei, model: lon-al00b lon-al00bc00, scope: -, version: -

Trust: 0.3

vendor: huawei, model: lon-al00b 8.0.0.334, scope: ne, version: -

Trust: 0.3

sources: CNVD: CNVD-2018-04769 // BID: 103690 // JVNDB: JVNDB-2017-012829 // CNNVD: CNNVD-201803-296 // NVD: CVE-2017-17280

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-17280
value: LOW

Trust: 1.0

NVD: CVE-2017-17280
value: LOW

Trust: 0.8

CNVD: CNVD-2018-04769
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201803-296
value: LOW

Trust: 0.6

VULHUB: VHN-108287
value: LOW

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-17280
severity: LOW
baseScore: 2.9
vectorString: AV:A/AC:M/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 5.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-04769
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108287
severity: LOW
baseScore: 2.9
vectorString: AV:A/AC:M/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 5.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-17280
baseSeverity: LOW
baseScore: 3.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.1
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-04769 // VULHUB: VHN-108287 // JVNDB: JVNDB-2017-012829 // CNNVD: CNNVD-201803-296 // NVD: CVE-2017-17280

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

sources: VULHUB: VHN-108287 // JVNDB: JVNDB-2017-012829 // NVD: CVE-2017-17280

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201803-296

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201803-296

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012829

PATCH

title: huawei-sa-20180307-01-phone, url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180307-01-phone-en

Trust: 0.8

title: Huawei LON-AL00B NFC Fixing measures for module information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79018

Trust: 0.6

sources: JVNDB: JVNDB-2017-012829 // CNNVD: CNNVD-201803-296

EXTERNAL IDS

db: NVD, id: CVE-2017-17280

Trust: 3.4

db: JVNDB, id: JVNDB-2017-012829

Trust: 0.8

db: CNNVD, id: CNNVD-201803-296

Trust: 0.7

db: CNVD, id: CNVD-2018-04769

Trust: 0.6

db: BID, id: 103690

Trust: 0.4

db: VULHUB, id: VHN-108287

Trust: 0.1

sources: CNVD: CNVD-2018-04769 // VULHUB: VHN-108287 // BID: 103690 // JVNDB: JVNDB-2017-012829 // CNNVD: CNNVD-201803-296 // NVD: CVE-2017-17280

REFERENCES

url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180307-01-phone-en

Trust: 2.0

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17280

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-17280

Trust: 0.8

url: http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180307-01-phone-cn

Trust: 0.6

url: http://www.huawei.com

Trust: 0.3

sources: CNVD: CNVD-2018-04769 // VULHUB: VHN-108287 // BID: 103690 // JVNDB: JVNDB-2017-012829 // CNNVD: CNNVD-201803-296 // NVD: CVE-2017-17280

CREDITS

The vendor reported the issue.

Trust: 0.3

sources: BID: 103690

SOURCES

db: CNVD, id: CNVD-2018-04769
db: VULHUB, id: VHN-108287
db: BID, id: 103690
db: JVNDB, id: JVNDB-2017-012829
db: CNNVD, id: CNNVD-201803-296
db: NVD, id: CVE-2017-17280

LAST UPDATE DATE

2024-11-23T22:52:11.878000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-04769, date: 2018-03-09T00:00:00
db: VULHUB, id: VHN-108287, date: 2018-03-27T00:00:00
db: BID, id: 103690, date: 2018-03-07T00:00:00
db: JVNDB, id: JVNDB-2017-012829, date: 2018-04-20T00:00:00
db: CNNVD, id: CNNVD-201803-296, date: 2018-03-13T00:00:00
db: NVD, id: CVE-2017-17280, date: 2024-11-21T03:17:44.467

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-04769, date: 2018-03-09T00:00:00
db: VULHUB, id: VHN-108287, date: 2018-03-09T00:00:00
db: BID, id: 103690, date: 2018-03-07T00:00:00
db: JVNDB, id: JVNDB-2017-012829, date: 2018-04-20T00:00:00
db: CNNVD, id: CNNVD-201803-296, date: 2018-03-13T00:00:00
db: NVD, id: CVE-2017-17280, date: 2018-03-09T17:29:01.657