All the vulnerabilites related to huawei - hisuite
Vulnerability from fkie_nvd
Published
2017-04-02 20:59
Modified
2024-11-21 02:59
Severity ?
Summary
Huawei PC client software HiSuite 4.0.5.300_OVE has a dynamic link library (DLL) hijack vulnerability; an attacker can make the system load malicious DLL files to execute arbitrary code.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:hisuite:4.0.5.300_ove:*:*:*:*:*:*:*",
"matchCriteriaId": "05CF2741-642E-4635-9379-92C749AE7B62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Huawei PC client software HiSuite 4.0.5.300_OVE has a dynamic link library (DLL) hijack vulnerability; an attacker can make the system load malicious DLL files to execute arbitrary code."
},
{
"lang": "es",
"value": "El software de cliente Huawei PC HiSuite 4.0.5.300_OVE tiene una vulnerabilidad de secuestro DLL; un atacante puede hacer que el sistema cargue archivos DLL maliciosos para ejecutar c\u00f3digo arbitrario."
}
],
"id": "CVE-2016-8274",
"lastModified": "2024-11-21T02:59:03.540",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-02T20:59:01.017",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-13 16:29
Modified
2024-11-21 04:44
Severity ?
Summary
HiSuite 9.1.0.300 versions and earlier contains a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker's choosing that could execute arbitrary code.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:hisuite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3AA3064-D83F-4E50-BD5F-8E36C216A240",
"versionEndIncluding": "9.1.0.300",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HiSuite 9.1.0.300 versions and earlier contains a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker\u0027s choosing that could execute arbitrary code."
},
{
"lang": "es",
"value": "Las versiones HiSuite 9.1.0.300 y anteriores contiene un vulnerabilidad de secuestro DLL. Esta vulnerabilidad existe debido a algunos archivos DLL son cargados por HiSuite incorrectamente. Y esto permite a un atacante cargar este archivo DLL de la elecci\u00f3n del atacante que podr\u00eda ejecutar un c\u00f3digo arbitrario."
}
],
"id": "CVE-2019-5245",
"lastModified": "2024-11-21T04:44:35.823",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-13T16:29:01.607",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190612-01-dllhijacking-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190612-01-dllhijacking-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-29 20:15
Modified
2024-11-21 04:44
Severity ?
Summary
HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and earlier versions and HwBackup with earlier versions before 9.1.1.308 have a brute forcing encrypted backup data vulnerability. Huawei smartphone user backup information can be obtained by brute forcing the password for encrypting the backup.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:hisuite:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "7D75F234-2669-42CA-A0A1-B098090311C8",
"versionEndIncluding": "9.1.0.305",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:hisuite:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "C441C288-AA09-4D71-A6B2-9CD5301AE6FA",
"versionEndIncluding": "9.1.0.305",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:hwbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE40AA61-6819-49F0-A027-35ED2F81B89A",
"versionEndIncluding": "9.1.1.308",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and earlier versions and HwBackup with earlier versions before 9.1.1.308 have a brute forcing encrypted backup data vulnerability. Huawei smartphone user backup information can be obtained by brute forcing the password for encrypting the backup."
},
{
"lang": "es",
"value": "HiSuite con versiones 9.1.0.305 y anteriores y 9.1.0.305(MAC) y anteriores y HwBackup con versiones anteriores a 9.1.1.308, presentan una vulnerabilidad de datos de copia de seguridad encriptados por fuerza bruta. La informaci\u00f3n de la copia de seguridad del usuario del tel\u00e9fono inteligente Huawei puede ser obtenida mediante fuerza bruta de la contrase\u00f1a para cifrar la copia de seguridad."
}
],
"id": "CVE-2019-5263",
"lastModified": "2024-11-21T04:44:37.923",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-29T20:15:12.003",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-backup-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-backup-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-307"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-02 20:59
Modified
2024-11-21 02:59
Severity ?
Summary
Huawei PC client software HiSuite 4.0.5.300_OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise the PC.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:hisuite:4.0.5.300_ove:*:*:*:*:*:*:*",
"matchCriteriaId": "05CF2741-642E-4635-9379-92C749AE7B62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Huawei PC client software HiSuite 4.0.5.300_OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise the PC."
},
{
"lang": "es",
"value": "El software de cliente Huawei PC HiSuite 4.0.5.300_OVE utiliza HTTP inseguro para la descarga de paquetes de actualizaci\u00f3n del software y no comprueba la integridad del paquete de software antes de instalar; un atacante puede lanzar un ataque MITM para interrumpir o reemplazar el paquete de software descargado y comprometer a\u00fan m\u00e1s el PC."
}
],
"id": "CVE-2016-8273",
"lastModified": "2024-11-21T02:59:03.430",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-02T20:59:00.970",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-29 20:15
Modified
2024-11-21 04:44
Severity ?
Summary
P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | p30_firmware | * | |
| huawei | p30 | - | |
| huawei | p30_pro_firmware | * | |
| huawei | p30_pro | - | |
| huawei | mate_20_firmware | * | |
| huawei | mate_20 | - | |
| huawei | hisuite_firmware | * | |
| huawei | hisuite | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "685D05E1-BFE2-469D-AF24-B9B5175C2D3E",
"versionEndExcluding": "elle-al00b_9.1.0.193\\(c00e190r2p1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1822A93-8ED2-4E74-8AE2-30176892F67B",
"versionEndExcluding": "vogue-al00a_9.1.0.193\\(c00e190r2p1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB671DB-CB5B-46E0-B221-722D051184DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7113FB5E-9B2A-4829-BB70-1067911BC880",
"versionEndExcluding": "hima-al00b_9.1.0.135\\(c00e133r2p1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5322963-9375-4E4E-8119-895C224003AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:hisuite_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23B293EE-9920-42CB-AC07-17F004CFA501",
"versionEndExcluding": "9.1.0.305",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:hisuite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C5F20DB-9D2E-4357-89D4-62DC2A6E9F02",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version."
},
{
"lang": "es",
"value": "Los tel\u00e9fonos inteligentes P30, P30 Pro, Mate 20 con software de versiones anteriores a ELLE-AL00B 9.1.0.193(C00E190R2P1), versiones anteriores a VOGUE-AL00A 9.1.0.193(C00E190R2P1), versiones anteriores a Hima-AL00B 9.1.0.135(C00E133R2P1) y HiSuite con versiones anteriores a HiSuite 9.1.0.305, presenta una vulnerabilidad de degradado de versi\u00f3n. El dispositivo y el software HiSuite no comprueban el paquete de actualizaci\u00f3n lo suficiente, de modo que el sistema del tel\u00e9fono inteligente puede degradarse a una versi\u00f3n anterior."
}
],
"id": "CVE-2019-5227",
"lastModified": "2024-11-21T04:44:33.753",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-29T20:15:11.863",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190904-01-smartphone-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190904-01-smartphone-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-346"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-06 18:15
Modified
2024-11-21 05:40
Severity ?
Summary
Earlier than HiSuite 10.1.0.500 have a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker's choosing.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:hisuite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E11793F7-E277-4901-97C2-89C89E74EB81",
"versionEndExcluding": "10.1.0.500",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Earlier than HiSuite 10.1.0.500 have a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker\u0027s choosing."
},
{
"lang": "es",
"value": "Antes de HiSuite versi\u00f3n 10.1.0.500, se presenta una vulnerabilidad de secuestro DLL. Esta vulnerabilidad se presenta debido a que alg\u00fan archivo DLL es cargado por HiSuite inapropiadamente. Y permite a un atacante cargar este archivo DLL de la elecci\u00f3n del atacante"
}
],
"id": "CVE-2020-9100",
"lastModified": "2024-11-21T05:40:01.570",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-06T18:15:21.323",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-01-dllhijacking-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-01-dllhijacking-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-07-13 15:59
Modified
2024-11-21 02:55
Severity ?
Summary
Huawei HiSuite before 4.0.4.204_ove (Out of China) and before 4.0.4.301 (China) use a weak ACL (FILE_WRITE_DATA for BUILTIN\Users) for the HiSuite service directory, which allows local users to gain SYSTEM privileges via a Trojan horse (1) SspiCli.dll or (2) USERENV.dll file or possibly other unspecified DLL files.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:hisuite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A24E8325-D07E-45B5-A7D8-C8BFE951A22F",
"versionEndIncluding": "4.0.3.301",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Huawei HiSuite before 4.0.4.204_ove (Out of China) and before 4.0.4.301 (China) use a weak ACL (FILE_WRITE_DATA for BUILTIN\\Users) for the HiSuite service directory, which allows local users to gain SYSTEM privileges via a Trojan horse (1) SspiCli.dll or (2) USERENV.dll file or possibly other unspecified DLL files."
},
{
"lang": "es",
"value": "Huawei HiSuite en versiones anteriores a 4.0.4.204_ove (fuera de China) y en versiones anteriores a 4.0.4.301 (China) utiliza un ACL d\u00e9bil (FILE_WRITE_DATA para BUILTIN\\Users) para el directorio de servicio HiSuite, lo que permite a usuarios locales obtener privilegios SYSTEM a trav\u00e9s de un archivo Troyano (1) SspiCli.dll o (2) USERENV.dll o posiblemente otros archivos DLL no especificados."
}
],
"id": "CVE-2016-5821",
"lastModified": "2024-11-21T02:55:04.320",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-13T15:59:09.013",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/137733/Huawei-HiSuite-For-Windows-4.0.3.301-Privilege-Escalation.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160624-01-hisuite-en"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/538797/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/91418"
},
{
"source": "cve@mitre.org",
"url": "https://labs.bluefrostsecurity.de/advisories/bfs-sa-2016-003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/137733/Huawei-HiSuite-For-Windows-4.0.3.301-Privilege-Escalation.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160624-01-hisuite-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/538797/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/91418"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://labs.bluefrostsecurity.de/advisories/bfs-sa-2016-003/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-30 16:59
Modified
2024-11-21 02:51
Severity ?
Summary
Huawei HiSuite (In China) before 4.0.4.301 and (Out of China) before 4.0.4.204_ove allows remote attackers to install arbitrary apps on a connected phone via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:hisuite:2.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "A4653633-6849-406F-BE2B-FA215CBF05A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:hisuite:2.3.28:*:*:*:*:*:*:*",
"matchCriteriaId": "628F1DD6-6426-4BE1-88D7-B557EF92F26A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:hisuite:2.3.35:*:*:*:*:*:*:*",
"matchCriteriaId": "25631EB2-B181-4615-855B-B0D779D13B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:hisuite:2.3.42:*:*:*:*:*:*:*",
"matchCriteriaId": "2959C5A3-04CA-45EE-9D17-D8DB3715668C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:hisuite:2.3.50:*:*:*:*:*:*:*",
"matchCriteriaId": "B94825DF-9B6B-4383-AD7D-FF0C15154D2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:hisuite:2.3.55:*:*:*:*:*:*:*",
"matchCriteriaId": "BE8BFB28-7A5F-4D99-9E8E-C2D1922E348F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:hisuite:2.3.55.1:*:*:*:*:*:*:*",
"matchCriteriaId": "806DD5E8-0AF8-466B-8B1A-F804B8A00777",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Huawei HiSuite (In China) before 4.0.4.301 and (Out of China) before 4.0.4.204_ove allows remote attackers to install arbitrary apps on a connected phone via unspecified vectors."
},
{
"lang": "es",
"value": "Huawei HiSuite (en China) en versiones anteriores a 4.0.4.301 y (fuera de China) en versiones anteriores a 4.0.4.204_ove permite a atacantes remotos instalar aplicaciones arbitrarias en un tel\u00e9fono conectado a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-4086",
"lastModified": "2024-11-21T02:51:20.167",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-30T16:59:02.507",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160422-01-hisuite-en"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/92622"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160422-01-hisuite-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92622"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-02 20:59
Modified
2024-11-21 02:59
Severity ?
Summary
Huawei PC client software HiSuite 4.0.5.300_OVE has an information leak vulnerability; an attacker who can log in to the system can copy out the user's proxy password, causing information leaks.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:hisuite:4.0.5.300_ove:*:*:*:*:*:*:*",
"matchCriteriaId": "05CF2741-642E-4635-9379-92C749AE7B62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Huawei PC client software HiSuite 4.0.5.300_OVE has an information leak vulnerability; an attacker who can log in to the system can copy out the user\u0027s proxy password, causing information leaks."
},
{
"lang": "es",
"value": "El software de cliente Huawei PC HiSuite 4.0.5.300_OVE tiene una vulnerabilidad de fuga de informaci\u00f3n; un atacante que pueda iniciar sesi\u00f3n en el sistema puede copiar fura la contrase\u00f1a de usuario del proxy, causando fugas de informaci\u00f3n."
}
],
"id": "CVE-2016-8272",
"lastModified": "2024-11-21T02:59:03.313",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-02T20:59:00.937",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-29 19:15
Modified
2024-11-21 04:44
Severity ?
Summary
P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | p30_firmware | * | |
| huawei | p30 | - | |
| huawei | p30_pro_firmware | * | |
| huawei | p30_pro | - | |
| huawei | mate_20_firmware | * | |
| huawei | mate_20 | - | |
| huawei | hisuite_firmware | * | |
| huawei | hisuite | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "685D05E1-BFE2-469D-AF24-B9B5175C2D3E",
"versionEndExcluding": "elle-al00b_9.1.0.193\\(c00e190r2p1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1822A93-8ED2-4E74-8AE2-30176892F67B",
"versionEndExcluding": "vogue-al00a_9.1.0.193\\(c00e190r2p1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB671DB-CB5B-46E0-B221-722D051184DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7113FB5E-9B2A-4829-BB70-1067911BC880",
"versionEndExcluding": "hima-al00b_9.1.0.135\\(c00e133r2p1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5322963-9375-4E4E-8119-895C224003AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:hisuite_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23B293EE-9920-42CB-AC07-17F004CFA501",
"versionEndExcluding": "9.1.0.305",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:hisuite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C5F20DB-9D2E-4357-89D4-62DC2A6E9F02",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version."
},
{
"lang": "es",
"value": "Los tel\u00e9fonos inteligentes P30, P30 Pro, Mate 20 con software de versiones anteriores a ELLE-AL00B 9.1.0.193(C00E190R2P1), versiones anteriores a VOGUE-AL00A 9.1.0.193(C00E190R2P1), versiones anteriores a Hima-AL00B 9.1.0.135 (C00E133R2P1) y HiSuite con versiones anteriores a HiSuite 9.1.0.305, presentan una vulnerabilidad de degradaci\u00f3n de versi\u00f3n. El dispositivo y el software HiSuite no comprueban el paquete de actualizaci\u00f3n suficientemente, de modo que el sistema del tel\u00e9fono inteligente puede degradarse a una versi\u00f3n anterior."
}
],
"id": "CVE-2019-5226",
"lastModified": "2024-11-21T04:44:33.630",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-29T19:15:12.057",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190904-01-smartphone-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190904-01-smartphone-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-346"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2019-5245
Vulnerability from cvelistv5
Published
2019-06-13 15:41
Modified
2024-08-04 19:47
Severity ?
EPSS score ?
Summary
HiSuite 9.1.0.300 versions and earlier contains a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker's choosing that could execute arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190612-01-dllhijacking-en | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:56.718Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190612-01-dllhijacking-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HiSuite",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Earlier than HiSuite 9.1.0.300 versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HiSuite 9.1.0.300 versions and earlier contains a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker\u0027s choosing that could execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DLL hijacking",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-13T15:41:16",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190612-01-dllhijacking-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-5245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HiSuite",
"version": {
"version_data": [
{
"version_value": "Earlier than HiSuite 9.1.0.300 versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HiSuite 9.1.0.300 versions and earlier contains a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker\u0027s choosing that could execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL hijacking"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190612-01-dllhijacking-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190612-01-dllhijacking-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-5245",
"datePublished": "2019-06-13T15:41:16",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:47:56.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5227
Vulnerability from cvelistv5
Published
2019-11-29 19:24
Modified
2024-08-04 19:47
Severity ?
EPSS score ?
Summary
P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190904-01-smartphone-en | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | P30, P30 Pro, Mate 20, HiSuite |
Version: Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), Versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1), Versions earlier than HiSuite 9.1.0.305 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:56.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190904-01-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "P30, P30 Pro, Mate 20, HiSuite",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), Versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1), Versions earlier than HiSuite 9.1.0.305"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "version downgrade",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-29T19:24:05",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190904-01-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-5227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "P30, P30 Pro, Mate 20, HiSuite",
"version": {
"version_data": [
{
"version_value": "Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), Versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1), Versions earlier than HiSuite 9.1.0.305"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "version downgrade"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190904-01-smartphone-en",
"refsource": "CONFIRM",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190904-01-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-5227",
"datePublished": "2019-11-29T19:24:05",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:47:56.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-9100
Vulnerability from cvelistv5
Published
2020-07-06 17:24
Modified
2024-08-04 10:19
Severity ?
EPSS score ?
Summary
Earlier than HiSuite 10.1.0.500 have a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker's choosing.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-01-dllhijacking-en | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-01-dllhijacking-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HiSuite",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Earlier than HiSuite 10.1.0.500"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Earlier than HiSuite 10.1.0.500 have a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker\u0027s choosing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DLL Hijacking",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-06T17:24:56",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-01-dllhijacking-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-9100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HiSuite",
"version": {
"version_data": [
{
"version_value": "Earlier than HiSuite 10.1.0.500"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Earlier than HiSuite 10.1.0.500 have a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker\u0027s choosing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Hijacking"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-01-dllhijacking-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-01-dllhijacking-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-9100",
"datePublished": "2020-07-06T17:24:56",
"dateReserved": "2020-02-18T00:00:00",
"dateUpdated": "2024-08-04T10:19:19.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-8273
Vulnerability from cvelistv5
Published
2017-04-02 20:00
Modified
2024-08-06 02:13
Severity ?
EPSS score ?
Summary
Huawei PC client software HiSuite 4.0.5.300_OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise the PC.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | HiSuite 4.0.5.300_OVE |
Version: HiSuite 4.0.5.300_OVE |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:13:21.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HiSuite 4.0.5.300_OVE",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "HiSuite 4.0.5.300_OVE"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei PC client software HiSuite 4.0.5.300_OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise the PC."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "a man-in-the-middle (MITM)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-02T19:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2016-8273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HiSuite 4.0.5.300_OVE",
"version": {
"version_data": [
{
"version_value": "HiSuite 4.0.5.300_OVE"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei PC client software HiSuite 4.0.5.300_OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise the PC."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "a man-in-the-middle (MITM)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2016-8273",
"datePublished": "2017-04-02T20:00:00",
"dateReserved": "2016-09-18T00:00:00",
"dateUpdated": "2024-08-06T02:13:21.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-8272
Vulnerability from cvelistv5
Published
2017-04-02 20:00
Modified
2024-08-06 02:13
Severity ?
EPSS score ?
Summary
Huawei PC client software HiSuite 4.0.5.300_OVE has an information leak vulnerability; an attacker who can log in to the system can copy out the user's proxy password, causing information leaks.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | HiSuite 4.0.5.300_OVE |
Version: HiSuite 4.0.5.300_OVE |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:13:21.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HiSuite 4.0.5.300_OVE",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "HiSuite 4.0.5.300_OVE"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei PC client software HiSuite 4.0.5.300_OVE has an information leak vulnerability; an attacker who can log in to the system can copy out the user\u0027s proxy password, causing information leaks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information leak",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-02T19:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2016-8272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HiSuite 4.0.5.300_OVE",
"version": {
"version_data": [
{
"version_value": "HiSuite 4.0.5.300_OVE"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei PC client software HiSuite 4.0.5.300_OVE has an information leak vulnerability; an attacker who can log in to the system can copy out the user\u0027s proxy password, causing information leaks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2016-8272",
"datePublished": "2017-04-02T20:00:00",
"dateReserved": "2016-09-18T00:00:00",
"dateUpdated": "2024-08-06T02:13:21.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5226
Vulnerability from cvelistv5
Published
2019-11-29 18:57
Modified
2024-08-04 19:47
Severity ?
EPSS score ?
Summary
P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190904-01-smartphone-en | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | P30, P30 Pro, Mate 20, HiSuite |
Version: Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), Versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1), Versions earlier than HiSuite 9.1.0.305 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:56.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190904-01-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "P30, P30 Pro, Mate 20, HiSuite",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), Versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1), Versions earlier than HiSuite 9.1.0.305"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "version downgrade",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-29T18:57:30",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190904-01-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-5226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "P30, P30 Pro, Mate 20, HiSuite",
"version": {
"version_data": [
{
"version_value": "Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), Versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1), Versions earlier than HiSuite 9.1.0.305"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "version downgrade"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190904-01-smartphone-en",
"refsource": "CONFIRM",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190904-01-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-5226",
"datePublished": "2019-11-29T18:57:30",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:47:56.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-8274
Vulnerability from cvelistv5
Published
2017-04-02 20:00
Modified
2024-08-06 02:13
Severity ?
EPSS score ?
Summary
Huawei PC client software HiSuite 4.0.5.300_OVE has a dynamic link library (DLL) hijack vulnerability; an attacker can make the system load malicious DLL files to execute arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | HiSuite 4.0.5.300_OVE |
Version: HiSuite 4.0.5.300_OVE |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:13:21.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HiSuite 4.0.5.300_OVE",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "HiSuite 4.0.5.300_OVE"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei PC client software HiSuite 4.0.5.300_OVE has a dynamic link library (DLL) hijack vulnerability; an attacker can make the system load malicious DLL files to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "dynamic link library (DLL) hijack",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-02T19:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2016-8274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HiSuite 4.0.5.300_OVE",
"version": {
"version_data": [
{
"version_value": "HiSuite 4.0.5.300_OVE"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei PC client software HiSuite 4.0.5.300_OVE has a dynamic link library (DLL) hijack vulnerability; an attacker can make the system load malicious DLL files to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "dynamic link library (DLL) hijack"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2016-8274",
"datePublished": "2017-04-02T20:00:00",
"dateReserved": "2016-09-18T00:00:00",
"dateUpdated": "2024-08-06T02:13:21.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4086
Vulnerability from cvelistv5
Published
2016-06-30 16:00
Modified
2024-08-06 00:17
Severity ?
EPSS score ?
Summary
Huawei HiSuite (In China) before 4.0.4.301 and (Out of China) before 4.0.4.204_ove allows remote attackers to install arbitrary apps on a connected phone via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160422-01-hisuite-en | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/92622 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:17:30.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160422-01-hisuite-en"
},
{
"name": "92622",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92622"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei HiSuite (In China) before 4.0.4.301 and (Out of China) before 4.0.4.204_ove allows remote attackers to install arbitrary apps on a connected phone via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160422-01-hisuite-en"
},
{
"name": "92622",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92622"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei HiSuite (In China) before 4.0.4.301 and (Out of China) before 4.0.4.204_ove allows remote attackers to install arbitrary apps on a connected phone via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160422-01-hisuite-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160422-01-hisuite-en"
},
{
"name": "92622",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92622"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4086",
"datePublished": "2016-06-30T16:00:00",
"dateReserved": "2016-04-26T00:00:00",
"dateUpdated": "2024-08-06T00:17:30.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5263
Vulnerability from cvelistv5
Published
2019-11-29 19:20
Modified
2024-08-04 19:47
Severity ?
EPSS score ?
Summary
HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and earlier versions and HwBackup with earlier versions before 9.1.1.308 have a brute forcing encrypted backup data vulnerability. Huawei smartphone user backup information can be obtained by brute forcing the password for encrypting the backup.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-backup-en | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | HiSuite, HwBackup |
Version: 9.1.0.305 and earlier versions, 9.1.0.305(MAC) and earlier versions, Earlier versions before 9.1.1.308 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:56.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-backup-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HiSuite, HwBackup",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "9.1.0.305 and earlier versions, 9.1.0.305(MAC) and earlier versions, Earlier versions before 9.1.1.308"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and earlier versions and HwBackup with earlier versions before 9.1.1.308 have a brute forcing encrypted backup data vulnerability. Huawei smartphone user backup information can be obtained by brute forcing the password for encrypting the backup."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Brute Forcing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-29T19:20:27",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-backup-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-5263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HiSuite, HwBackup",
"version": {
"version_data": [
{
"version_value": "9.1.0.305 and earlier versions, 9.1.0.305(MAC) and earlier versions, Earlier versions before 9.1.1.308"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and earlier versions and HwBackup with earlier versions before 9.1.1.308 have a brute forcing encrypted backup data vulnerability. Huawei smartphone user backup information can be obtained by brute forcing the password for encrypting the backup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Brute Forcing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-backup-en",
"refsource": "CONFIRM",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-backup-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-5263",
"datePublished": "2019-11-29T19:20:27",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:47:56.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5821
Vulnerability from cvelistv5
Published
2016-07-13 15:00
Modified
2024-08-06 01:15
Severity ?
EPSS score ?
Summary
Huawei HiSuite before 4.0.4.204_ove (Out of China) and before 4.0.4.301 (China) use a weak ACL (FILE_WRITE_DATA for BUILTIN\Users) for the HiSuite service directory, which allows local users to gain SYSTEM privileges via a Trojan horse (1) SspiCli.dll or (2) USERENV.dll file or possibly other unspecified DLL files.
References
| ▼ | URL | Tags |
|---|---|---|
| https://labs.bluefrostsecurity.de/advisories/bfs-sa-2016-003/ | x_refsource_MISC | |
| http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160624-01-hisuite-en | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/538797/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://packetstormsecurity.com/files/137733/Huawei-HiSuite-For-Windows-4.0.3.301-Privilege-Escalation.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/91418 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:15:10.774Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bluefrostsecurity.de/advisories/bfs-sa-2016-003/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160624-01-hisuite-en"
},
{
"name": "20160629 BFS-SA-2016-003: Huawei HiSuite Insecure Service Directory ACLs",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/538797/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/137733/Huawei-HiSuite-For-Windows-4.0.3.301-Privilege-Escalation.html"
},
{
"name": "91418",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91418"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei HiSuite before 4.0.4.204_ove (Out of China) and before 4.0.4.301 (China) use a weak ACL (FILE_WRITE_DATA for BUILTIN\\Users) for the HiSuite service directory, which allows local users to gain SYSTEM privileges via a Trojan horse (1) SspiCli.dll or (2) USERENV.dll file or possibly other unspecified DLL files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bluefrostsecurity.de/advisories/bfs-sa-2016-003/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160624-01-hisuite-en"
},
{
"name": "20160629 BFS-SA-2016-003: Huawei HiSuite Insecure Service Directory ACLs",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/538797/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/137733/Huawei-HiSuite-For-Windows-4.0.3.301-Privilege-Escalation.html"
},
{
"name": "91418",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91418"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei HiSuite before 4.0.4.204_ove (Out of China) and before 4.0.4.301 (China) use a weak ACL (FILE_WRITE_DATA for BUILTIN\\Users) for the HiSuite service directory, which allows local users to gain SYSTEM privileges via a Trojan horse (1) SspiCli.dll or (2) USERENV.dll file or possibly other unspecified DLL files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://labs.bluefrostsecurity.de/advisories/bfs-sa-2016-003/",
"refsource": "MISC",
"url": "https://labs.bluefrostsecurity.de/advisories/bfs-sa-2016-003/"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160624-01-hisuite-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160624-01-hisuite-en"
},
{
"name": "20160629 BFS-SA-2016-003: Huawei HiSuite Insecure Service Directory ACLs",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/538797/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/137733/Huawei-HiSuite-For-Windows-4.0.3.301-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/137733/Huawei-HiSuite-For-Windows-4.0.3.301-Privilege-Escalation.html"
},
{
"name": "91418",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91418"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-5821",
"datePublished": "2016-07-13T15:00:00",
"dateReserved": "2016-06-23T00:00:00",
"dateUpdated": "2024-08-06T01:15:10.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-201911-0269
Vulnerability from variot
HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and earlier versions and HwBackup with earlier versions before 9.1.1.308 have a brute forcing encrypted backup data vulnerability. Huawei smartphone user backup information can be obtained by brute forcing the password for encrypting the backup. HiSuite and HwBackup Contains an information disclosure vulnerability.Information may be obtained. Both Huawei HiSuite and HwBackup are products of the Chinese company Huawei. Huawei HiSuite is a mobile assistant application for PC. HwBackup is a mobile phone backup data storage program
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-0269",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hisuite",
"scope": "lte",
"trust": 1.8,
"vendor": "huawei",
"version": "9.1.0.305"
},
{
"model": "hwbackup",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "9.1.1.308"
},
{
"model": "hisuite",
"scope": "lte",
"trust": 0.8,
"vendor": "huawei",
"version": "9.1.0.305(mac)"
},
{
"model": "hwbackup",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "9.1.1.308"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012887"
},
{
"db": "NVD",
"id": "CVE-2019-5263"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:huawei:hisuite:*:*:*:*:*:macos:*:*",
"cpe_name": [],
"versionEndIncluding": "9.1.0.305",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:huawei:hisuite:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionEndIncluding": "9.1.0.305",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:huawei:hwbackup:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.1.1.308",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5263"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vulnerability was discovered by security researchers.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-1734"
}
],
"trust": 0.6
},
"cve": "CVE-2019-5263",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-5263",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-156698",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-5263",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-5263",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-1734",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-156698",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-156698"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012887"
},
{
"db": "NVD",
"id": "CVE-2019-5263"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1734"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and earlier versions and HwBackup with earlier versions before 9.1.1.308 have a brute forcing encrypted backup data vulnerability. Huawei smartphone user backup information can be obtained by brute forcing the password for encrypting the backup. HiSuite and HwBackup Contains an information disclosure vulnerability.Information may be obtained. Both Huawei HiSuite and HwBackup are products of the Chinese company Huawei. Huawei HiSuite is a mobile assistant application for PC. HwBackup is a mobile phone backup data storage program",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5263"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012887"
},
{
"db": "VULHUB",
"id": "VHN-156698"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5263",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012887",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1734",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-156698",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-156698"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012887"
},
{
"db": "NVD",
"id": "CVE-2019-5263"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1734"
}
]
},
"id": "VAR-201911-0269",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-156698"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:28:21.813000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20190821-01-backup",
"trust": 0.8,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-backup-en"
},
{
"title": "Huawei HiSuite and HwBackup Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=97321"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012887"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1734"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-307",
"trust": 1.1
},
{
"problemtype": "CWE-200",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-156698"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012887"
},
{
"db": "NVD",
"id": "CVE-2019-5263"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-backup-en"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5263"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5263"
},
{
"trust": 0.6,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190821-01-backup-cn"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-156698"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012887"
},
{
"db": "NVD",
"id": "CVE-2019-5263"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1734"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-156698"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012887"
},
{
"db": "NVD",
"id": "CVE-2019-5263"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1734"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-29T00:00:00",
"db": "VULHUB",
"id": "VHN-156698"
},
{
"date": "2019-12-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012887"
},
{
"date": "2019-11-29T20:15:12.003000",
"db": "NVD",
"id": "CVE-2019-5263"
},
{
"date": "2019-08-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-1734"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-156698"
},
{
"date": "2019-12-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012887"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-5263"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-1734"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-1734"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HiSuite and HwBackup Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012887"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-1734"
}
],
"trust": 0.6
}
}
var-201704-0156
Vulnerability from variot
Huawei PC client software HiSuite 4.0.5.300_OVE has an information leak vulnerability; an attacker who can log in to the system can copy out the user's proxy password, causing information leaks. HiSuite Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Huawei HiSuite is a set of mobile phone assistant software for PCs developed by China Huawei (Huawei). An information disclosure vulnerability exists in Huawei HiSuite version 4.0.5.300_OVE. The vulnerability stems from the fact that the copy function is not disabled in the password box on the proxy settings interface
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0156",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hisuite",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "4.0.5.300_ove"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008204"
},
{
"db": "NVD",
"id": "CVE-2016-8272"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-190"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:huawei:hisuite:4.0.5.300_ove:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8272"
}
]
},
"cve": "CVE-2016-8272",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-8272",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-97092",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2016-8272",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-8272",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-190",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-97092",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97092"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008204"
},
{
"db": "NVD",
"id": "CVE-2016-8272"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-190"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei PC client software HiSuite 4.0.5.300_OVE has an information leak vulnerability; an attacker who can log in to the system can copy out the user\u0027s proxy password, causing information leaks. HiSuite Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Huawei HiSuite is a set of mobile phone assistant software for PCs developed by China Huawei (Huawei). An information disclosure vulnerability exists in Huawei HiSuite version 4.0.5.300_OVE. The vulnerability stems from the fact that the copy function is not disabled in the password box on the proxy settings interface",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8272"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008204"
},
{
"db": "VULHUB",
"id": "VHN-97092"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8272",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008204",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-190",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-97092",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97092"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008204"
},
{
"db": "NVD",
"id": "CVE-2016-8272"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-190"
}
]
},
"id": "VAR-201704-0156",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-97092"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:37:29.971000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory - Multiple Security Vulnerabilities in Huawei HiSuite",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en"
},
{
"title": "Huawei HiSuite Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=69038"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008204"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-190"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97092"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008204"
},
{
"db": "NVD",
"id": "CVE-2016-8272"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8272"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8272"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97092"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008204"
},
{
"db": "NVD",
"id": "CVE-2016-8272"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-190"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-97092"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008204"
},
{
"db": "NVD",
"id": "CVE-2016-8272"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-190"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-97092"
},
{
"date": "2017-05-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008204"
},
{
"date": "2017-04-02T20:59:00.937000",
"db": "NVD",
"id": "CVE-2016-8272"
},
{
"date": "2017-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-190"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-05T00:00:00",
"db": "VULHUB",
"id": "VHN-97092"
},
{
"date": "2017-05-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008204"
},
{
"date": "2017-04-05T19:03:05.073000",
"db": "NVD",
"id": "CVE-2016-8272"
},
{
"date": "2017-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-190"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-190"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HiSuite Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008204"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-190"
}
],
"trust": 0.6
}
}
var-201606-0051
Vulnerability from variot
Huawei HiSuite (In China) before 4.0.4.301 and (Out of China) before 4.0.4.204_ove allows remote attackers to install arbitrary apps on a connected phone via unspecified vectors. Huawei HiSuite is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. Huawei HiSuite is a set of mobile phone assistant software for PCs developed by China Huawei (Huawei). There are security vulnerabilities in Huawei HiSuite. The following versions are affected: Huawei HiSuite version 2.3.15, version 2.3.28, version 2.3.35, version 2.3.42, version 2.3.50, version 2.3.55.0 (domestic), version 2.3.55.1 (foreign)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201606-0051",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hisuite",
"scope": "eq",
"trust": 1.9,
"vendor": "huawei",
"version": "2.3.50"
},
{
"model": "hisuite",
"scope": "eq",
"trust": 1.9,
"vendor": "huawei",
"version": "2.3.42"
},
{
"model": "hisuite",
"scope": "eq",
"trust": 1.9,
"vendor": "huawei",
"version": "2.3.35"
},
{
"model": "hisuite",
"scope": "eq",
"trust": 1.9,
"vendor": "huawei",
"version": "2.3.28"
},
{
"model": "hisuite",
"scope": "eq",
"trust": 1.9,
"vendor": "huawei",
"version": "2.3.15"
},
{
"model": "hisuite",
"scope": "eq",
"trust": 1.9,
"vendor": "huawei",
"version": "2.3.55.1"
},
{
"model": "hisuite",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "2.3.55"
},
{
"model": "hisuite",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "4.0.4.204_ove (out of china)"
},
{
"model": "hisuite",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "4.0.4.301 (in china)"
},
{
"model": "hisuite",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "2.3.55.0"
},
{
"model": "hisuite",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": "4.0.4.301"
},
{
"model": "hisuite 4.0.4.204 ove",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "92622"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003440"
},
{
"db": "NVD",
"id": "CVE-2016-4086"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-665"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:huawei:hisuite:2.3.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:huawei:hisuite:2.3.42:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:huawei:hisuite:2.3.55.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:huawei:hisuite:2.3.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:huawei:hisuite:2.3.35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:huawei:hisuite:2.3.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:huawei:hisuite:2.3.55:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4086"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "92622"
}
],
"trust": 0.3
},
"cve": "CVE-2016-4086",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.5,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.9,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-4086",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.5,
"id": "VHN-92905",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-4086",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-4086",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201606-665",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-92905",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-92905"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003440"
},
{
"db": "NVD",
"id": "CVE-2016-4086"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-665"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei HiSuite (In China) before 4.0.4.301 and (Out of China) before 4.0.4.204_ove allows remote attackers to install arbitrary apps on a connected phone via unspecified vectors. Huawei HiSuite is prone to a security-bypass vulnerability. \nAttackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. Huawei HiSuite is a set of mobile phone assistant software for PCs developed by China Huawei (Huawei). There are security vulnerabilities in Huawei HiSuite. The following versions are affected: Huawei HiSuite version 2.3.15, version 2.3.28, version 2.3.35, version 2.3.42, version 2.3.50, version 2.3.55.0 (domestic), version 2.3.55.1 (foreign)",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4086"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003440"
},
{
"db": "BID",
"id": "92622"
},
{
"db": "VULHUB",
"id": "VHN-92905"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4086",
"trust": 2.8
},
{
"db": "BID",
"id": "92622",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003440",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201606-665",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-92905",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-92905"
},
{
"db": "BID",
"id": "92622"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003440"
},
{
"db": "NVD",
"id": "CVE-2016-4086"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-665"
}
]
},
"id": "VAR-201606-0051",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-92905"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:09:03.468000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20160422-01-hisuite",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160422-01-hisuite-en"
},
{
"title": "Huawei HiSuite Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62574"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003440"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-665"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4086"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160422-01-hisuite-en"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/92622"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4086"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4086"
},
{
"trust": 0.3,
"url": "http://www.huawei.com"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160422-01-hisuite-en"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-92905"
},
{
"db": "BID",
"id": "92622"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003440"
},
{
"db": "NVD",
"id": "CVE-2016-4086"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-665"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-92905"
},
{
"db": "BID",
"id": "92622"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003440"
},
{
"db": "NVD",
"id": "CVE-2016-4086"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-665"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-30T00:00:00",
"db": "VULHUB",
"id": "VHN-92905"
},
{
"date": "2016-08-24T00:00:00",
"db": "BID",
"id": "92622"
},
{
"date": "2016-07-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003440"
},
{
"date": "2016-06-30T16:59:02.507000",
"db": "NVD",
"id": "CVE-2016-4086"
},
{
"date": "2016-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-665"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-92905"
},
{
"date": "2016-08-24T00:00:00",
"db": "BID",
"id": "92622"
},
{
"date": "2016-07-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003440"
},
{
"date": "2016-11-28T20:14:58.840000",
"db": "NVD",
"id": "CVE-2016-4086"
},
{
"date": "2016-07-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-665"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-665"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei HiSuite Vulnerable to arbitrary application installation on connected phones",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003440"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-665"
}
],
"trust": 0.6
}
}
var-201906-0353
Vulnerability from variot
HiSuite 9.1.0.300 versions and earlier contains a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker's choosing that could execute arbitrary code. HiSuite Contains an unreliable search path vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei HiSuite is a mobile phone assistant application for PC from Huawei, China
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0353",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hisuite",
"scope": "lte",
"trust": 1.8,
"vendor": "huawei",
"version": "9.1.0.300"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005469"
},
{
"db": "NVD",
"id": "CVE-2019-5245"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:huawei:hisuite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.1.0.300",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5245"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vulnerability is caused by CyberArk Labs of Eran Shimony Report to Huawei PSIRT .",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-548"
}
],
"trust": 0.6
},
"cve": "CVE-2019-5245",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-5245",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-156680",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-5245",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-5245",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-548",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-156680",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-156680"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005469"
},
{
"db": "NVD",
"id": "CVE-2019-5245"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-548"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HiSuite 9.1.0.300 versions and earlier contains a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker\u0027s choosing that could execute arbitrary code. HiSuite Contains an unreliable search path vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei HiSuite is a mobile phone assistant application for PC from Huawei, China",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5245"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005469"
},
{
"db": "VULHUB",
"id": "VHN-156680"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5245",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005469",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-548",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-156680",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-156680"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005469"
},
{
"db": "NVD",
"id": "CVE-2019-5245"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-548"
}
]
},
"id": "VAR-201906-0353",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-156680"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:50:16.283000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20190612-01-dllhijacking",
"trust": 0.8,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190612-01-dllhijacking-en"
},
{
"title": "Huawei HiSuite Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93781"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005469"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-548"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-427",
"trust": 1.0
},
{
"problemtype": "CWE-426",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-156680"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005469"
},
{
"db": "NVD",
"id": "CVE-2019-5245"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190612-01-dllhijacking-en"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5245"
},
{
"trust": 1.2,
"url": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190612-01-dllhijacking-cn"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5245"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-156680"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005469"
},
{
"db": "NVD",
"id": "CVE-2019-5245"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-548"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-156680"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005469"
},
{
"db": "NVD",
"id": "CVE-2019-5245"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-548"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-13T00:00:00",
"db": "VULHUB",
"id": "VHN-156680"
},
{
"date": "2019-06-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005469"
},
{
"date": "2019-06-13T16:29:01.607000",
"db": "NVD",
"id": "CVE-2019-5245"
},
{
"date": "2019-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-548"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-14T00:00:00",
"db": "VULHUB",
"id": "VHN-156680"
},
{
"date": "2019-06-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005469"
},
{
"date": "2021-07-21T11:39:23.747000",
"db": "NVD",
"id": "CVE-2019-5245"
},
{
"date": "2019-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-548"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-548"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HiSuite Vulnerabilities related to untrusted search paths",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005469"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-548"
}
],
"trust": 0.6
}
}
var-201704-0157
Vulnerability from variot
Huawei PC client software HiSuite 4.0.5.300_OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise the PC. HiSuite Contains input validation vulnerabilities and access control vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Huawei HiSuite is a set of mobile phone assistant software for PCs developed by China Huawei (Huawei). There is a security vulnerability in Huawei HiSuite version 4.0.5.300_OVE. An attacker could exploit this vulnerability to implement a man-in-the-middle attack, disrupting or replacing downloaded software packages
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0157",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hisuite",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "4.0.5.300_ove"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008205"
},
{
"db": "NVD",
"id": "CVE-2016-8273"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-189"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:huawei:hisuite:4.0.5.300_ove:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8273"
}
]
},
"cve": "CVE-2016-8273",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.9,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-8273",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "VHN-97093",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-8273",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-8273",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-189",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-97093",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97093"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008205"
},
{
"db": "NVD",
"id": "CVE-2016-8273"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-189"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei PC client software HiSuite 4.0.5.300_OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise the PC. HiSuite Contains input validation vulnerabilities and access control vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Huawei HiSuite is a set of mobile phone assistant software for PCs developed by China Huawei (Huawei). There is a security vulnerability in Huawei HiSuite version 4.0.5.300_OVE. An attacker could exploit this vulnerability to implement a man-in-the-middle attack, disrupting or replacing downloaded software packages",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8273"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008205"
},
{
"db": "VULHUB",
"id": "VHN-97093"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8273",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008205",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-189",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-97093",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97093"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008205"
},
{
"db": "NVD",
"id": "CVE-2016-8273"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-189"
}
]
},
"id": "VAR-201704-0157",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-97093"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:53:04.399000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory - Multiple Security Vulnerabilities in Huawei HiSuite",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en"
},
{
"title": "Huawei HiSuite Enter the fix for the verification vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=69037"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008205"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-189"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
},
{
"problemtype": "CWE-284",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97093"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008205"
},
{
"db": "NVD",
"id": "CVE-2016-8273"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8273"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8273"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97093"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008205"
},
{
"db": "NVD",
"id": "CVE-2016-8273"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-189"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-97093"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008205"
},
{
"db": "NVD",
"id": "CVE-2016-8273"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-189"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-97093"
},
{
"date": "2017-05-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008205"
},
{
"date": "2017-04-02T20:59:00.970000",
"db": "NVD",
"id": "CVE-2016-8273"
},
{
"date": "2017-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-189"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-05T00:00:00",
"db": "VULHUB",
"id": "VHN-97093"
},
{
"date": "2017-05-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008205"
},
{
"date": "2017-04-05T19:59:33.833000",
"db": "NVD",
"id": "CVE-2016-8273"
},
{
"date": "2017-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-189"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-189"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HiSuite Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008205"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-189"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-189"
}
],
"trust": 0.6
}
}
var-201911-0832
Vulnerability from variot
P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version. Huawei P30 and others are products of China Huawei. The Huawei P30 is a smart phone. The Huawei P30 Pro is a smartphone. Huawei HiSuite is a mobile assistant application for the PC.
There are security vulnerabilities in various Huawei products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-0832",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hisuite",
"scope": "lt",
"trust": 1.6,
"vendor": "huawei",
"version": "9.1.0.305"
},
{
"model": "p30 pro",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "vogue-al00a_9.1.0.193\\(c00e190r2p1\\)"
},
{
"model": "p30",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "elle-al00b_9.1.0.193\\(c00e190r2p1\\)"
},
{
"model": "mate 20",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "hima-al00b_9.1.0.135\\(c00e133r2p1\\)"
},
{
"model": "hisuite",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "mate 20",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "p30 pro",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "p30",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "p30 \u003celle-al00b 9.1.0.193",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "p30 pro \u003cvogue-al00a 9.1.0.193",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "mate \u003chima-al00b 9.1.0.135",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "20x"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-30711"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012739"
},
{
"db": "NVD",
"id": "CVE-2019-5227"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "elle-al00b_9.1.0.193\\(c00e190r2p1\\)",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "vogue-al00a_9.1.0.193\\(c00e190r2p1\\)",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:mate_20_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "hima-al00b_9.1.0.135\\(c00e133r2p1\\)",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:mate_20:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:hisuite_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.1.0.305",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:hisuite:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5227"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vendor",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-199"
}
],
"trust": 0.6
},
"cve": "CVE-2019-5227",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-5227",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2019-30711",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-5227",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-5227",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-30711",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-199",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-30711"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012739"
},
{
"db": "NVD",
"id": "CVE-2019-5227"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-199"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version. Huawei P30 and others are products of China Huawei. The Huawei P30 is a smart phone. The Huawei P30 Pro is a smartphone. Huawei HiSuite is a mobile assistant application for the PC. \n\nThere are security vulnerabilities in various Huawei products",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5227"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012739"
},
{
"db": "CNVD",
"id": "CNVD-2019-30711"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5227",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012739",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-30711",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "44307",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201909-199",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-30711"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012739"
},
{
"db": "NVD",
"id": "CVE-2019-5227"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-199"
}
]
},
"id": "VAR-201911-0832",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-30711"
}
],
"trust": 1.431770852
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-30711"
}
]
},
"last_update_date": "2023-12-18T12:49:59.333000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20190904-01-smartphone",
"trust": 0.8,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190904-01-smartphone-en"
},
{
"title": "Patch for Multiple Huawei product version downgrade vulnerabilities (CNVD-2019-30711)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/179201"
},
{
"title": "Multiple Huawei Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=97957"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-30711"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012739"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-199"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-346",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012739"
},
{
"db": "NVD",
"id": "CVE-2019-5227"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190904-01-smartphone-en"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5227"
},
{
"trust": 1.2,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190904-01-smartphone-cn"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5227"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/44307"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-30711"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012739"
},
{
"db": "NVD",
"id": "CVE-2019-5227"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-199"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-30711"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012739"
},
{
"db": "NVD",
"id": "CVE-2019-5227"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-199"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-30711"
},
{
"date": "2019-12-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012739"
},
{
"date": "2019-11-29T20:15:11.863000",
"db": "NVD",
"id": "CVE-2019-5227"
},
{
"date": "2019-09-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-199"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-30711"
},
{
"date": "2019-12-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012739"
},
{
"date": "2021-07-21T11:39:23.747000",
"db": "NVD",
"id": "CVE-2019-5227"
},
{
"date": "2019-12-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-199"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-199"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Huawei Vulnerability related to input confirmation in smartphones",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012739"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-199"
}
],
"trust": 0.6
}
}
var-202007-1276
Vulnerability from variot
Earlier than HiSuite 10.1.0.500 have a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker's choosing. HiSuite Exists in an unreliable search path vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Huawei HiSuite is a mobile phone assistant application for PC from Huawei, China
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-1276",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hisuite",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.0.500"
},
{
"model": "hisuite",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "10.1.0.500"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007538"
},
{
"db": "NVD",
"id": "CVE-2020-9100"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:huawei:hisuite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.1.0.500",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9100"
}
]
},
"cve": "CVE-2020-9100",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-007538",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "VHN-187225",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "CVE-2020-9100",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-007538",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-9100",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-007538",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-093",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-187225",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-9100",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187225"
},
{
"db": "VULMON",
"id": "CVE-2020-9100"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007538"
},
{
"db": "NVD",
"id": "CVE-2020-9100"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-093"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Earlier than HiSuite 10.1.0.500 have a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker\u0027s choosing. HiSuite Exists in an unreliable search path vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Huawei HiSuite is a mobile phone assistant application for PC from Huawei, China",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9100"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007538"
},
{
"db": "VULHUB",
"id": "VHN-187225"
},
{
"db": "VULMON",
"id": "CVE-2020-9100"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-9100",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007538",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202007-093",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "47096",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-187225",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-9100",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187225"
},
{
"db": "VULMON",
"id": "CVE-2020-9100"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007538"
},
{
"db": "NVD",
"id": "CVE-2020-9100"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-093"
}
]
},
"id": "VAR-202007-1276",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-187225"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:35:27.317000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20200701-01-dllhijacking",
"trust": 0.8,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-01-dllhijacking-en"
},
{
"title": "Huawei HiSuite Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=123468"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007538"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-093"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-427",
"trust": 1.1
},
{
"problemtype": "CWE-426",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187225"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007538"
},
{
"db": "NVD",
"id": "CVE-2020-9100"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-01-dllhijacking-en"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9100"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9100"
},
{
"trust": 0.6,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200701-01-dllhijacking-cn"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47096"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/427.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187225"
},
{
"db": "VULMON",
"id": "CVE-2020-9100"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007538"
},
{
"db": "NVD",
"id": "CVE-2020-9100"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-093"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-187225"
},
{
"db": "VULMON",
"id": "CVE-2020-9100"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007538"
},
{
"db": "NVD",
"id": "CVE-2020-9100"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-093"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-06T00:00:00",
"db": "VULHUB",
"id": "VHN-187225"
},
{
"date": "2020-07-06T00:00:00",
"db": "VULMON",
"id": "CVE-2020-9100"
},
{
"date": "2020-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-007538"
},
{
"date": "2020-07-06T18:15:21.323000",
"db": "NVD",
"id": "CVE-2020-9100"
},
{
"date": "2020-07-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-093"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-21T00:00:00",
"db": "VULHUB",
"id": "VHN-187225"
},
{
"date": "2021-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2020-9100"
},
{
"date": "2020-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-007538"
},
{
"date": "2021-07-21T11:39:23.747000",
"db": "NVD",
"id": "CVE-2020-9100"
},
{
"date": "2020-07-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-093"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-093"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HiSuite Unreliable search path vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007538"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-093"
}
],
"trust": 0.6
}
}
var-201911-0831
Vulnerability from variot
P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version. Huawei P30 and others are products of China Huawei. The Huawei P30 is a smart phone. The Huawei P30 Pro is a smartphone. Huawei HiSuite is a mobile assistant application for the PC. There are security vulnerabilities in various Huawei products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-0831",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hisuite",
"scope": "lt",
"trust": 1.6,
"vendor": "huawei",
"version": "9.1.0.305"
},
{
"model": "p30 pro",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "vogue-al00a_9.1.0.193\\(c00e190r2p1\\)"
},
{
"model": "p30",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "elle-al00b_9.1.0.193\\(c00e190r2p1\\)"
},
{
"model": "mate 20",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "hima-al00b_9.1.0.135\\(c00e133r2p1\\)"
},
{
"model": "hisuite",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "mate 20",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "p30 pro",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "p30",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "p30 \u003celle-al00b 9.1.0.193",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "p30 pro \u003cvogue-al00a 9.1.0.193",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "mate \u003chima-al00b 9.1.0.135",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "20x"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-30710"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012738"
},
{
"db": "NVD",
"id": "CVE-2019-5226"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "elle-al00b_9.1.0.193\\(c00e190r2p1\\)",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "vogue-al00a_9.1.0.193\\(c00e190r2p1\\)",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:mate_20_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "hima-al00b_9.1.0.135\\(c00e133r2p1\\)",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:mate_20:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:hisuite_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.1.0.305",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:hisuite:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5226"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vendor",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-205"
}
],
"trust": 0.6
},
"cve": "CVE-2019-5226",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-5226",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2019-30710",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-5226",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-5226",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-30710",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-205",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-30710"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012738"
},
{
"db": "NVD",
"id": "CVE-2019-5226"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-205"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version. Huawei P30 and others are products of China Huawei. The Huawei P30 is a smart phone. The Huawei P30 Pro is a smartphone. Huawei HiSuite is a mobile assistant application for the PC. There are security vulnerabilities in various Huawei products",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5226"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012738"
},
{
"db": "CNVD",
"id": "CNVD-2019-30710"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5226",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012738",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-30710",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "44306",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201909-205",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-30710"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012738"
},
{
"db": "NVD",
"id": "CVE-2019-5226"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-205"
}
]
},
"id": "VAR-201911-0831",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-30710"
}
],
"trust": 1.431770852
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-30710"
}
]
},
"last_update_date": "2023-12-18T13:07:49.161000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20190904-01-smartphone",
"trust": 0.8,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190904-01-smartphone-en"
},
{
"title": "Patches for multiple Huawei product version downgrade vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/179199"
},
{
"title": "Multiple Huawei Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=97962"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-30710"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012738"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-205"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-346",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012738"
},
{
"db": "NVD",
"id": "CVE-2019-5226"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190904-01-smartphone-en"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5226"
},
{
"trust": 1.2,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190904-01-smartphone-cn"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5226"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/44306"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-30710"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012738"
},
{
"db": "NVD",
"id": "CVE-2019-5226"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-205"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-30710"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012738"
},
{
"db": "NVD",
"id": "CVE-2019-5226"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-205"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-30710"
},
{
"date": "2019-12-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012738"
},
{
"date": "2019-11-29T19:15:12.057000",
"db": "NVD",
"id": "CVE-2019-5226"
},
{
"date": "2019-09-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-205"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-30710"
},
{
"date": "2019-12-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012738"
},
{
"date": "2021-07-21T11:39:23.747000",
"db": "NVD",
"id": "CVE-2019-5226"
},
{
"date": "2019-12-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-205"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-205"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Huawei Vulnerability related to input confirmation in smartphones",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012738"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-205"
}
],
"trust": 0.6
}
}
var-201704-0158
Vulnerability from variot
Huawei PC client software HiSuite 4.0.5.300_OVE has a dynamic link library (DLL) hijack vulnerability; an attacker can make the system load malicious DLL files to execute arbitrary code. HiSuite Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Huawei HiSuite is a set of mobile phone assistant software for PCs developed by China Huawei (Huawei). There is a DLL hijacking vulnerability in Huawei HiSuite version 4.0.5.300_OVE. The vulnerability stems from the program's lack of checking of loaded system DLL files
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0158",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hisuite",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "4.0.5.300_ove"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008206"
},
{
"db": "NVD",
"id": "CVE-2016-8274"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-188"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:huawei:hisuite:4.0.5.300_ove:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8274"
}
]
},
"cve": "CVE-2016-8274",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-8274",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-97094",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-8274",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-8274",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-188",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-97094",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97094"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008206"
},
{
"db": "NVD",
"id": "CVE-2016-8274"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-188"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei PC client software HiSuite 4.0.5.300_OVE has a dynamic link library (DLL) hijack vulnerability; an attacker can make the system load malicious DLL files to execute arbitrary code. HiSuite Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Huawei HiSuite is a set of mobile phone assistant software for PCs developed by China Huawei (Huawei). There is a DLL hijacking vulnerability in Huawei HiSuite version 4.0.5.300_OVE. The vulnerability stems from the program\u0027s lack of checking of loaded system DLL files",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8274"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008206"
},
{
"db": "VULHUB",
"id": "VHN-97094"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8274",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008206",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-188",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-97094",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97094"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008206"
},
{
"db": "NVD",
"id": "CVE-2016-8274"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-188"
}
]
},
"id": "VAR-201704-0158",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-97094"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:14:23.364000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory - Multiple Security Vulnerabilities in Huawei HiSuite",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en"
},
{
"title": "Huawei HiSuite Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=69036"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008206"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-188"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97094"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008206"
},
{
"db": "NVD",
"id": "CVE-2016-8274"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8274"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8274"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97094"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008206"
},
{
"db": "NVD",
"id": "CVE-2016-8274"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-188"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-97094"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008206"
},
{
"db": "NVD",
"id": "CVE-2016-8274"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-188"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-97094"
},
{
"date": "2017-05-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008206"
},
{
"date": "2017-04-02T20:59:01.017000",
"db": "NVD",
"id": "CVE-2016-8274"
},
{
"date": "2017-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-188"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-05T00:00:00",
"db": "VULHUB",
"id": "VHN-97094"
},
{
"date": "2017-05-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008206"
},
{
"date": "2017-04-05T18:11:31.807000",
"db": "NVD",
"id": "CVE-2016-8274"
},
{
"date": "2017-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-188"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-188"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HiSuite Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008206"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-188"
}
],
"trust": 0.6
}
}
var-201607-0459
Vulnerability from variot
Huawei HiSuite before 4.0.4.204_ove (Out of China) and before 4.0.4.301 (China) use a weak ACL (FILE_WRITE_DATA for BUILTIN\Users) for the HiSuite service directory, which allows local users to gain SYSTEM privileges via a Trojan horse (1) SspiCli.dll or (2) USERENV.dll file or possibly other unspecified DLL files. Huawei UTPS is prone to a local code-execution vulnerability. A local attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial of service condition. Huawei HiSuite 4.0.3.301 and prior are vulnerable. Huawei HiSuite versions prior to 4.0.4.204_ove (Out of China) and versions prior to 4.0.4.301 (China) have a privilege escalation vulnerability. The vulnerability stems from the program using a weak ACL (FILE_WRITE_DATA for BUILTIN\Users) for the HiSuite service directory
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0459",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hisuite",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "4.0.3.301"
},
{
"model": "hisuite",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "4.0.4.204_ove (out of china)"
},
{
"model": "hisuite",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "4.0.4.301 (china)"
},
{
"model": "hisuite",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "4.0.3.301"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003754"
},
{
"db": "NVD",
"id": "CVE-2016-5821"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-645"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:huawei:hisuite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.3.301",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5821"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Blue Frost Security of Benjamin Gnahm",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-645"
}
],
"trust": 0.6
},
"cve": "CVE-2016-5821",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-5821",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-94640",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-5821",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-5821",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201606-645",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-94640",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94640"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003754"
},
{
"db": "NVD",
"id": "CVE-2016-5821"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-645"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei HiSuite before 4.0.4.204_ove (Out of China) and before 4.0.4.301 (China) use a weak ACL (FILE_WRITE_DATA for BUILTIN\\Users) for the HiSuite service directory, which allows local users to gain SYSTEM privileges via a Trojan horse (1) SspiCli.dll or (2) USERENV.dll file or possibly other unspecified DLL files. Huawei UTPS is prone to a local code-execution vulnerability. \nA local attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial of service condition. \nHuawei HiSuite 4.0.3.301 and prior are vulnerable. Huawei HiSuite versions prior to 4.0.4.204_ove (Out of China) and versions prior to 4.0.4.301 (China) have a privilege escalation vulnerability. The vulnerability stems from the program using a weak ACL (FILE_WRITE_DATA for BUILTIN\\Users) for the HiSuite service directory ",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5821"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003754"
},
{
"db": "BID",
"id": "91418"
},
{
"db": "VULHUB",
"id": "VHN-94640"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-94640",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94640"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5821",
"trust": 2.8
},
{
"db": "BID",
"id": "91418",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "137733",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003754",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201606-645",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-94640",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94640"
},
{
"db": "BID",
"id": "91418"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003754"
},
{
"db": "NVD",
"id": "CVE-2016-5821"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-645"
}
]
},
"id": "VAR-201607-0459",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-94640"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:39:10.523000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20160624-01-hisuite",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160624-01-hisuite-en"
},
{
"title": "Huawei HiSuite Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62554"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003754"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-645"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94640"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003754"
},
{
"db": "NVD",
"id": "CVE-2016-5821"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://labs.bluefrostsecurity.de/advisories/bfs-sa-2016-003/"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/91418"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/137733/huawei-hisuite-for-windows-4.0.3.301-privilege-escalation.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/538797/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160624-01-hisuite-en"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5821"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5821"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/538797/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20160624-01-hisuite-cn"
},
{
"trust": 0.3,
"url": "http://blog.rapid7.com/?p=5325"
},
{
"trust": 0.3,
"url": "http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html"
},
{
"trust": 0.3,
"url": "http://blogs.technet.com/b/msrc/archive/2010/08/21/microsoft-security-advisory-2269637-released.aspx"
},
{
"trust": 0.3,
"url": "http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94640"
},
{
"db": "BID",
"id": "91418"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003754"
},
{
"db": "NVD",
"id": "CVE-2016-5821"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-645"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-94640"
},
{
"db": "BID",
"id": "91418"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003754"
},
{
"db": "NVD",
"id": "CVE-2016-5821"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-645"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-13T00:00:00",
"db": "VULHUB",
"id": "VHN-94640"
},
{
"date": "2016-06-24T00:00:00",
"db": "BID",
"id": "91418"
},
{
"date": "2016-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003754"
},
{
"date": "2016-07-13T15:59:09.013000",
"db": "NVD",
"id": "CVE-2016-5821"
},
{
"date": "2016-06-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-645"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-94640"
},
{
"date": "2016-07-06T15:12:00",
"db": "BID",
"id": "91418"
},
{
"date": "2016-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003754"
},
{
"date": "2018-10-09T20:00:38.600000",
"db": "NVD",
"id": "CVE-2016-5821"
},
{
"date": "2016-06-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-645"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "91418"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-645"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei HiSuite Vulnerabilities that gain system privileges",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003754"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-645"
}
],
"trust": 0.6
}
}