cnvd - cnvd-2017-10576

CNVD-2017-10576

Vulnerability from cnvd - Published: 2017-06-21

Title

多款OnePlus产品中间人攻击漏洞

Description

OnePlus 3T等都是中国一加科技（OnePlus）公司的智能设备。多款OnePlus产品存在安全漏洞。攻击者可利用该漏洞实施中间人攻击，绕过安全限制，执行未授权操作。

Severity

中

Patch Name

多款OnePlus产品中间人攻击漏洞的补丁

Patch Description

OnePlus 3T等都是中国一加科技（OnePlus）公司的智能设备。多款OnePlus产品存在安全漏洞。攻击者可利用该漏洞实施中间人攻击，绕过安全限制，执行未授权操作。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://alephsecurity.com/vulns/aleph-2017022

Reference

http://www.securityfocus.com/bid/98495 https://nvd.nist.gov/vuln/detail/CVE-2016-10370

Impacted products

Name
['OnePlus OxygenOS', 'OnePlus OnePlus 3T']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "98495"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-10370",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10370"
    }
  },
  "description": "OnePlus 3T\u7b49\u90fd\u662f\u4e2d\u56fd\u4e00\u52a0\u79d1\u6280\uff08OnePlus\uff09\u516c\u53f8\u7684\u667a\u80fd\u8bbe\u5907\u3002\r\n\r\n\u591a\u6b3eOnePlus\u4ea7\u54c1\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bd\u4e2d\u95f4\u4eba\u653b\u51fb\uff0c\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\uff0c\u6267\u884c\u672a\u6388\u6743\u64cd\u4f5c\u3002",
  "discovererName": "Sagi Kedmi",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://alephsecurity.com/vulns/aleph-2017022",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-10576",
  "openTime": "2017-06-21",
  "patchDescription": "OnePlus 3T\u7b49\u90fd\u662f\u4e2d\u56fd\u4e00\u52a0\u79d1\u6280\uff08OnePlus\uff09\u516c\u53f8\u7684\u667a\u80fd\u8bbe\u5907\u3002\r\n\r\n\u591a\u6b3eOnePlus\u4ea7\u54c1\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bd\u4e2d\u95f4\u4eba\u653b\u51fb\uff0c\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\uff0c\u6267\u884c\u672a\u6388\u6743\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eOnePlus\u4ea7\u54c1\u4e2d\u95f4\u4eba\u653b\u51fb\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "OnePlus OxygenOS",
      "OnePlus OnePlus 3T"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/98495\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10370",
  "serverity": "\u4e2d",
  "submitTime": "2017-05-24",
  "title": "\u591a\u6b3eOnePlus\u4ea7\u54c1\u4e2d\u95f4\u4eba\u653b\u51fb\u6f0f\u6d1e"
}

CVE-2016-10370 (GCVE-0-2016-10370)

Vulnerability from cvelistv5 – Published: 2017-05-11 18:00 – Updated: 2024-08-06 03:21

Summary

An issue was discovered on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the signed-OTA image over HTTP without TLS. While it does not allow for installation of arbitrary OTAs (due to the digital signature), it unnecessarily increases the attack surface, and allows for remote exploitation of other vulnerabilities such as CVE-2017-5948, CVE-2017-8850, and CVE-2017-8851.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/98495	vdb-entryx_refsource_BID
	https://alephsecurity.com/vulns/aleph-2017022	x_refsource_MISC
	https://forums.oneplus.net/threads/ota-and-imei-o…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:21:51.632Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "98495",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98495"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://alephsecurity.com/vulns/aleph-2017022"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://forums.oneplus.net/threads/ota-and-imei-over-http.453992/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-05-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the signed-OTA image over HTTP without TLS. While it does not allow for installation of arbitrary OTAs (due to the digital signature), it unnecessarily increases the attack surface, and allows for remote exploitation of other vulnerabilities such as CVE-2017-5948, CVE-2017-8850, and CVE-2017-8851."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-22T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "98495",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98495"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://alephsecurity.com/vulns/aleph-2017022"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://forums.oneplus.net/threads/ota-and-imei-over-http.453992/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-10370",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the signed-OTA image over HTTP without TLS. While it does not allow for installation of arbitrary OTAs (due to the digital signature), it unnecessarily increases the attack surface, and allows for remote exploitation of other vulnerabilities such as CVE-2017-5948, CVE-2017-8850, and CVE-2017-8851."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "98495",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98495"
            },
            {
              "name": "https://alephsecurity.com/vulns/aleph-2017022",
              "refsource": "MISC",
              "url": "https://alephsecurity.com/vulns/aleph-2017022"
            },
            {
              "name": "https://forums.oneplus.net/threads/ota-and-imei-over-http.453992/",
              "refsource": "MISC",
              "url": "https://forums.oneplus.net/threads/ota-and-imei-over-http.453992/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-10370",
    "datePublished": "2017-05-11T18:00:00",
    "dateReserved": "2017-05-08T00:00:00",
    "dateUpdated": "2024-08-06T03:21:51.632Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-10576

CVE-2016-10370 (GCVE-0-2016-10370)

Tags

Sightings

Nomenclature