Sign-up

ID

VAR-201803-0203


CVE

CVE-2017-17325


TITLE

Huawei video applications HiCinema Permissions vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-012882

DESCRIPTION

Huawei video applications HiCinema with software of 8.0.3.308; 8.0.4.300 have a permission control vulnerability. Due to improper verification of specific interface, an attacker who is on the same network with the user can obtain some information through a man-in-the-middle attack. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. The vulnerability is caused by the incorrect execution of the program verification

Trust: 1.98

sources: NVD: CVE-2017-17325 // JVNDB: JVNDB-2017-012882 // BID: 103509 // VULHUB: VHN-108336

AFFECTED PRODUCTS

vendor:huaweimodel:hicinemascope:eqversion:8.0.4.300

Trust: 2.7

vendor:huaweimodel:hicinemascope:eqversion:8.0.3.308

Trust: 2.7

vendor:huaweimodel:hicinemascope:neversion:8.0.5.304

Trust: 0.3

sources: BID: 103509 // JVNDB: JVNDB-2017-012882 // CNNVD: CNNVD-201803-290 // NVD: CVE-2017-17325

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17325
value: LOW

Trust: 1.0

NVD: CVE-2017-17325
value: LOW

Trust: 0.8

CNNVD: CNNVD-201803-290
value: LOW

Trust: 0.6

VULHUB: VHN-108336
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-17325
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-108336
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17325
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-108336 // JVNDB: JVNDB-2017-012882 // CNNVD: CNNVD-201803-290 // NVD: CVE-2017-17325

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-275

Trust: 0.9

sources: VULHUB: VHN-108336 // JVNDB: JVNDB-2017-012882 // NVD: CVE-2017-17325

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-290

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201803-290

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012882

PATCH
title:huawei-sa-20180307-01-hicinemaurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180307-01-hicinema-en
Trust: 0.8
title:Huawei video applications HiCinema Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79012
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-012882 // 
            
            
            
            CNNVD: CNNVD-201803-290

EXTERNAL IDS
db:NVDid:CVE-2017-17325
Trust: 2.8
db:JVNDBid:JVNDB-2017-012882
Trust: 0.8
db:CNNVDid:CNNVD-201803-290
Trust: 0.6
db:BIDid:103509
Trust: 0.4
db:VULHUBid:VHN-108336
Trust: 0.1
sources:
            
            
            VULHUB: VHN-108336 // 
            
            
            
            BID: 103509 // 
            
            
            
            JVNDB: JVNDB-2017-012882 // 
            
            
            
            CNNVD: CNNVD-201803-290 // 
            
            
            
            NVD: CVE-2017-17325

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180307-01-hicinema-en
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17325
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17325
Trust: 0.8
url:http://www.huawei.com/en/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-108336 // 
            
            
            
            BID: 103509 // 
            
            
            
            JVNDB: JVNDB-2017-012882 // 
            
            
            
            CNNVD: CNNVD-201803-290 // 
            
            
            
            NVD: CVE-2017-17325

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 103509

SOURCES
db:VULHUBid:VHN-108336
db:BIDid:103509
db:JVNDBid:JVNDB-2017-012882
db:CNNVDid:CNNVD-201803-290
db:NVDid:CVE-2017-17325

LAST UPDATE DATE
2024-11-23T23:02:12.175000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-108336date:2019-10-03T00:00:00
db:BIDid:103509date:2018-03-07T00:00:00
db:JVNDBid:JVNDB-2017-012882date:2018-04-26T00:00:00
db:CNNVDid:CNNVD-201803-290date:2019-10-23T00:00:00
db:NVDid:CVE-2017-17325date:2024-11-21T03:17:50.450

SOURCES RELEASE DATE
db:VULHUBid:VHN-108336date:2018-03-09T00:00:00
db:BIDid:103509date:2018-03-07T00:00:00
db:JVNDBid:JVNDB-2017-012882date:2018-04-26T00:00:00
db:CNNVDid:CNNVD-201803-290date:2018-03-13T00:00:00
db:NVDid:CVE-2017-17325date:2018-03-09T17:29:02.080