VAR-201709-0053
Vulnerability from variot - Updated: 2023-12-18 12:19Huawei P8 before GRA-CL00C92B210, before GRA-L09C432B200, before GRA-TL00C01B210, and before GRA-UL00C00B210 allows remote attackers to obtain user equipment (aka UE) measurements of signal strengths. Huawei P8 Contains an information disclosure vulnerability.Information may be obtained. HuaweiP8 is a smartphone product from China's Huawei company. The vulnerability stems from the P8 mobile phone failing to judge its own security status when sending specific signaling to the base station. The attacker can use the pseudo base station to construct a specific scenario to exploit the vulnerability to obtain signaling (including the userequipment (UE) wireless signal strength measurement value) before the P8 completes the security activation. The following versions are affected: Huawei versions prior to GRA-CL00C92B210, versions prior to GRA-L09C432B200, versions prior to GRA-TL00C01B210, versions prior to GRA-UL00C00B210
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-0053",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "p8",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": null
},
{
"model": "p8",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "gra-cl00c92b210"
},
{
"model": "p8",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "gra-l09c432b200"
},
{
"model": "p8",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "gra-tl00c01b210"
},
{
"model": "p8",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "gra-ul00c00b210"
},
{
"model": "p8",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "p8 \u003c=gra-cl00c92b210",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "p8 \u003c=gra-l09c432b200",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "p8 \u003c=gra-tl00c01b210",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "p8 \u003c=gra-ul00c00b210",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30096"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007908"
},
{
"db": "NVD",
"id": "CVE-2015-8224"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-961"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:p8_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:p8:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8224"
}
]
},
"cve": "CVE-2015-8224",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-8224",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CNVD-2017-30096",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-86185",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.7,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2015-8224",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-8224",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2017-30096",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-961",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-86185",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30096"
},
{
"db": "VULHUB",
"id": "VHN-86185"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007908"
},
{
"db": "NVD",
"id": "CVE-2015-8224"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-961"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei P8 before GRA-CL00C92B210, before GRA-L09C432B200, before GRA-TL00C01B210, and before GRA-UL00C00B210 allows remote attackers to obtain user equipment (aka UE) measurements of signal strengths. Huawei P8 Contains an information disclosure vulnerability.Information may be obtained. HuaweiP8 is a smartphone product from China\u0027s Huawei company. The vulnerability stems from the P8 mobile phone failing to judge its own security status when sending specific signaling to the base station. The attacker can use the pseudo base station to construct a specific scenario to exploit the vulnerability to obtain signaling (including the userequipment (UE) wireless signal strength measurement value) before the P8 completes the security activation. The following versions are affected: Huawei versions prior to GRA-CL00C92B210, versions prior to GRA-L09C432B200, versions prior to GRA-TL00C01B210, versions prior to GRA-UL00C00B210",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8224"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007908"
},
{
"db": "CNVD",
"id": "CNVD-2017-30096"
},
{
"db": "VULHUB",
"id": "VHN-86185"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-8224",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007908",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-961",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-30096",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-86185",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30096"
},
{
"db": "VULHUB",
"id": "VHN-86185"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007908"
},
{
"db": "NVD",
"id": "CVE-2015-8224"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-961"
}
]
},
"id": "VAR-201709-0053",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30096"
},
{
"db": "VULHUB",
"id": "VHN-86185"
}
],
"trust": 1.2752314999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30096"
}
]
},
"last_update_date": "2023-12-18T12:19:33.732000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Huawei-SA-20151029-01-UE",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-459832"
},
{
"title": "HuaweiP8 information disclosure vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/103638"
},
{
"title": "Huawei P8 Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=75013"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30096"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007908"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-961"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86185"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007908"
},
{
"db": "NVD",
"id": "CVE-2015-8224"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-459832.htm"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8224"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8224"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30096"
},
{
"db": "VULHUB",
"id": "VHN-86185"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007908"
},
{
"db": "NVD",
"id": "CVE-2015-8224"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-961"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-30096"
},
{
"db": "VULHUB",
"id": "VHN-86185"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007908"
},
{
"db": "NVD",
"id": "CVE-2015-8224"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-961"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-30096"
},
{
"date": "2017-09-20T00:00:00",
"db": "VULHUB",
"id": "VHN-86185"
},
{
"date": "2017-10-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007908"
},
{
"date": "2017-09-20T16:29:00.787000",
"db": "NVD",
"id": "CVE-2015-8224"
},
{
"date": "2017-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-961"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-30096"
},
{
"date": "2017-09-23T00:00:00",
"db": "VULHUB",
"id": "VHN-86185"
},
{
"date": "2017-10-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007908"
},
{
"date": "2017-09-23T14:43:52.587000",
"db": "NVD",
"id": "CVE-2015-8224"
},
{
"date": "2017-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-961"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-961"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei P8 Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30096"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-961"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-961"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…