Lucene search

[email protected]NVD:CVE-2017-8154

HistoryApr 11, 2018 - 5:29 p.m.

CVE-2017-8154

2018-04-1117:29:00

CWE-319

[email protected]

web.nvd.nist.gov

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

29.2%

JSON

The Themes App Honor 8 Lite Huawei mobile phones with software of versions before Prague-L31C576B172, versions before Prague-L31C530B160, versions before Prague-L31C432B180 has a man-in-the-middle (MITM) vulnerability due to the use of the insecure HTTP protocol for theme download. An attacker may exploit this vulnerability to tamper with downloaded themes.

Affected configurations

NVD

Node

huaweihonor_8_lite_firmwareRange<prague-l31c530b160

AND

huaweihonor_8_liteMatch-

Node

huaweihonor_8_lite_firmwareRange<prague-l31c576b172

AND

huaweihonor_8_liteMatch-

Node

huaweihonor_8_lite_firmwareRange<prague-l31c432b180

AND

huaweihonor_8_liteMatch-

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20170908-01-smartphone-en

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

29.2%

JSON

Related for NVD:CVE-2017-8154

cvelist1 prion1 cve1 huawei1