Sign-up

ID

VAR-201803-0200


CVE

CVE-2017-17322


TITLE

Huawei Honor Smart Scale Application Information disclosure vulnerability in Japanese software

Trust: 0.8

sources: JVNDB: JVNDB-2017-012800

DESCRIPTION

Huawei Honor Smart Scale Application with software of 1.1.1 has an information disclosure vulnerability. The application does not sufficiently restrict the resource which can be accessed by certain protocol. An attacker could trick the user to click a malicious link, successful exploit could cause information disclosure

Trust: 2.07

sources: NVD: CVE-2017-17322 // JVNDB: JVNDB-2017-012800 // BID: 103442 // VULHUB: VHN-108333 // VULMON: CVE-2017-17322

AFFECTED PRODUCTS

vendor:huaweimodel:honor smart scale applicationscope:eqversion:1.1.1

Trust: 2.7

vendor:huaweimodel:honor smart scale applicationscope:neversion:1.1.2

Trust: 0.3

sources: BID: 103442 // JVNDB: JVNDB-2017-012800 // CNNVD: CNNVD-201803-293 // NVD: CVE-2017-17322

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17322
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-17322
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201803-293
value: MEDIUM

Trust: 0.6

VULHUB: VHN-108333
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-17322
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-17322
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-108333
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17322
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-108333 // VULMON: CVE-2017-17322 // JVNDB: JVNDB-2017-012800 // CNNVD: CNNVD-201803-293 // NVD: CVE-2017-17322

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-108333 // JVNDB: JVNDB-2017-012800 // NVD: CVE-2017-17322

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-293

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201803-293

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012800

PATCH
title:huawei-sa-20180309-01-ahurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180309-01-ah-en
Trust: 0.8
title:Huawei Honor Smart Scale Application Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79015
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-012800 // 
            
            
            
            CNNVD: CNNVD-201803-293

EXTERNAL IDS
db:NVDid:CVE-2017-17322
Trust: 2.9
db:BIDid:103442
Trust: 1.5
db:JVNDBid:JVNDB-2017-012800
Trust: 0.8
db:CNNVDid:CNNVD-201803-293
Trust: 0.7
db:VULHUBid:VHN-108333
Trust: 0.1
db:VULMONid:CVE-2017-17322
Trust: 0.1
sources:
            
            
            VULHUB: VHN-108333 // 
            
            
            
            VULMON: CVE-2017-17322 // 
            
            
            
            BID: 103442 // 
            
            
            
            JVNDB: JVNDB-2017-012800 // 
            
            
            
            CNNVD: CNNVD-201803-293 // 
            
            
            
            NVD: CVE-2017-17322

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180309-01-ah-en
Trust: 2.1
url:http://www.securityfocus.com/bid/103442
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17322
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17322
Trust: 0.8
url:http://www.huawei.com
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/200.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-108333 // 
            
            
            
            VULMON: CVE-2017-17322 // 
            
            
            
            BID: 103442 // 
            
            
            
            JVNDB: JVNDB-2017-012800 // 
            
            
            
            CNNVD: CNNVD-201803-293 // 
            
            
            
            NVD: CVE-2017-17322

CREDITS
The vendor reported this issue
Trust: 0.3
sources:
            
            
            BID: 103442

SOURCES
db:VULHUBid:VHN-108333
db:VULMONid:CVE-2017-17322
db:BIDid:103442
db:JVNDBid:JVNDB-2017-012800
db:CNNVDid:CNNVD-201803-293
db:NVDid:CVE-2017-17322

LAST UPDATE DATE
2024-11-23T22:12:39.202000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-108333date:2018-03-26T00:00:00
db:VULMONid:CVE-2017-17322date:2018-03-26T00:00:00
db:BIDid:103442date:2018-03-09T00:00:00
db:JVNDBid:JVNDB-2017-012800date:2018-04-18T00:00:00
db:CNNVDid:CNNVD-201803-293date:2018-03-13T00:00:00
db:NVDid:CVE-2017-17322date:2024-11-21T03:17:50.103

SOURCES RELEASE DATE
db:VULHUBid:VHN-108333date:2018-03-09T00:00:00
db:VULMONid:CVE-2017-17322date:2018-03-09T00:00:00
db:BIDid:103442date:2018-03-09T00:00:00
db:JVNDBid:JVNDB-2017-012800date:2018-04-18T00:00:00
db:CNNVDid:CNNVD-201803-293date:2018-03-13T00:00:00
db:NVDid:CVE-2017-17322date:2018-03-09T17:29:01.923