Lucene search

Huawei TechnologiesHUAWEI-SA-20170920-01-ENCRYPTION

HistorySep 20, 2017 - 12:00 a.m.

Security Advisory - Information Exposure Vulnerability in Huawei Products

2017-09-2000:00:00

Huawei Technologies

www.huawei.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

46.4%

JSON

Some Huawei products have an information exposure vulnerability. Encryption keys are stored in the system. The attacker can implement reverse engineering to obtain the encryption keys, causing information exposure. (Vulnerability ID: HWPSIRT-2017-07133)

This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-2704.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-encryption-en

Affected configurations

Vulners

Node

huaweismarthomeRange<1.0.2.364

huaweihiappRange<7.3.0.303

huaweihwparentcontrolRange<2.0.0

huaweihwparentcontrolparentRange<5.1.0.12

huaweicrowdtestRange<1.5.3

huaweihiwalletRange<8.0.0.301

huaweihuawei_payRange<8.0.0.300

huaweiskytoneRange<8.1.2.300

huaweihwclouddriveemui6.0\)_firmwareRange<8.0.0.307

huaweihwphonefinder\(emui6.0\)Range<9.3.0.310

huaweihwphonefinder\(emui5.1\)Range<9.2.2.303

huaweihicinemaRange<8.0.2.300

huaweihuaweiwearRange<21.0.0.360

huaweihihealthappRange<3.0.3.300

VendorProductVersionCPE
huaweismarthome*cpe:2.3:a:huawei:smarthome:*:*:*:*:*:*:*:*
huaweihiapp*cpe:2.3:a:huawei:hiapp:*:*:*:*:*:*:*:*
huaweihwparentcontrol*cpe:2.3:a:huawei:hwparentcontrol:*:*:*:*:*:*:*:*
huaweihwparentcontrolparent*cpe:2.3:a:huawei:hwparentcontrolparent:*:*:*:*:*:*:*:*
huaweicrowdtest*cpe:2.3:a:huawei:crowdtest:*:*:*:*:*:*:*:*
huaweihiwallet*cpe:2.3:a:huawei:hiwallet:*:*:*:*:*:*:*:*
huaweihuawei_pay*cpe:2.3:a:huawei:huawei_pay:*:*:*:*:*:*:*:*
huaweiskytone*cpe:2.3:a:huawei:skytone:*:*:*:*:*:*:*:*
huaweihwclouddriveemui6.0\)_firmware*cpe:2.3:a:huawei:hwclouddriveemui6.0\)_firmware:*:*:*:*:*:*:*:*
huaweihwphonefinder\(emui6.0\)*cpe:2.3:a:huawei:hwphonefinder\(emui6.0\):*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	smarthome	*	cpe:2.3:a:huawei:smarthome::::::::
huawei	hiapp	*	cpe:2.3:a:huawei:hiapp::::::::
huawei	hwparentcontrol	*	cpe:2.3:a:huawei:hwparentcontrol::::::::
huawei	hwparentcontrolparent	*	cpe:2.3:a:huawei:hwparentcontrolparent::::::::
huawei	crowdtest	*	cpe:2.3:a:huawei:crowdtest::::::::
huawei	hiwallet	*	cpe:2.3:a:huawei:hiwallet::::::::
huawei	huawei_pay	*	cpe:2.3:a:huawei:huawei_pay::::::::
huawei	skytone	*	cpe:2.3:a:huawei:skytone::::::::
huawei	hwclouddriveemui6.0\)_firmware	*	cpe:2.3:a:huawei:hwclouddriveemui6.0\)_firmware::::::::
huawei	hwphonefinder\(emui6.0\)	*	cpe:2.3:a:huawei:hwphonefinder\(emui6.0\)::::::::

Rows per page:

1-10 of 141

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

46.4%

JSON

Related for HUAWEI-SA-20170920-01-ENCRYPTION