CVE-2014-8571 - OpenCVE

Apps on Huawei Ascend P6 mobile phones with software EDGE-U00 V100R001C17B508SP01 and earlier versions before V100R001C17B508SP02; EDGE-T00 V100R001C01B508SP01 and earlier versions before V100R001C01B508SP02; EDGE-C00 V100R001C92B508SP02 and earlier versions before V100R001C92B508SP03 can capture screens without the root permission. As a result, user information can be leaked by malware on Ascend P6 mobile phones.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	Ascend P6 Edge-c00 Ascend P6 Edge-c00 Firmware Ascend P6 Edge-t00 Ascend P6 Edge-t00 Firmware Ascend P6 Edge-u00 Ascend P6 Edge-u00 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:huawei:ascend_p6_edge-u00_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:ascend_p6_edge-u00:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:huawei:ascend_p6_edge-t00_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:ascend_p6_edge-t00:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:huawei:ascend_p6_edge-c00_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:ascend_p6_edge-c00:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.huawei.com/en/psirt/security-advisories/hw-372118

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2017-04-02T20:00:00

Updated: 2024-08-06T13:18:48.493Z

Reserved: 2014-10-31T00:00:00

Link: CVE-2014-8571

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-04-02T20:59:00.377

Modified: 2017-04-05T18:50:45.960

Link: CVE-2014-8571

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "EDGE-U00,EDGE-T00,EDGE-C00 EDGE-U00 V100R001C17B508SP01 and earlier versions,V100R001C17B508SP02,EDGE-T00 V100R001C01B508SP01 and earlier versions,V100R001C01B508SP02,EDGE-C00 V100R001C92B508SP02 and earlier versions,V100R001C92B508SP03", "vendor": "n/a", "versions": [{"status": "affected", "version": "EDGE-U00,EDGE-T00,EDGE-C00 EDGE-U00 V100R001C17B508SP01 and earlier versions,V100R001C17B508SP02,EDGE-T00 V100R001C01B508SP01 and earlier versions,V100R001C01B508SP02,EDGE-C00 V100R001C92B508SP02 and earlier versions,V100R001C92B508SP03"}]}], "datePublic": "2017-03-27T00:00:00", "descriptions": [{"lang": "en", "value": "Apps on Huawei Ascend P6 mobile phones with software EDGE-U00 V100R001C17B508SP01 and earlier versions before V100R001C17B508SP02; EDGE-T00 V100R001C01B508SP01 and earlier versions before V100R001C01B508SP02; EDGE-C00 V100R001C92B508SP02 and earlier versions before V100R001C92B508SP03 can capture screens without the root permission. As a result, user information can be leaked by malware on Ascend P6 mobile phones."}], "problemTypes": [{"descriptions": [{"description": "Screen Capture", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-04-02T19:57:01", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/hw-372118"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2014-8571", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "EDGE-U00,EDGE-T00,EDGE-C00 EDGE-U00 V100R001C17B508SP01 and earlier versions,V100R001C17B508SP02,EDGE-T00 V100R001C01B508SP01 and earlier versions,V100R001C01B508SP02,EDGE-C00 V100R001C92B508SP02 and earlier versions,V100R001C92B508SP03", "version": {"version_data": [{"version_value": "EDGE-U00,EDGE-T00,EDGE-C00 EDGE-U00 V100R001C17B508SP01 and earlier versions,V100R001C17B508SP02,EDGE-T00 V100R001C01B508SP01 and earlier versions,V100R001C01B508SP02,EDGE-C00 V100R001C92B508SP02 and earlier versions,V100R001C92B508SP03"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apps on Huawei Ascend P6 mobile phones with software EDGE-U00 V100R001C17B508SP01 and earlier versions before V100R001C17B508SP02; EDGE-T00 V100R001C01B508SP01 and earlier versions before V100R001C01B508SP02; EDGE-C00 V100R001C92B508SP02 and earlier versions before V100R001C92B508SP03 can capture screens without the root permission. As a result, user information can be leaked by malware on Ascend P6 mobile phones."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Screen Capture"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/hw-372118", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/hw-372118"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:18:48.493Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.huawei.com/en/psirt/security-advisories/hw-372118"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2014-8571", "datePublished": "2017-04-02T20:00:00", "dateReserved": "2014-10-31T00:00:00", "dateUpdated": "2024-08-06T13:18:48.493Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:ascend_p6_edge-u00_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0805AD24-E603-4CDC-9277-6A6EE1277F84", "versionEndIncluding": "v100r001c17b508sp01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:ascend_p6_edge-u00:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA57D0EC-736C-4346-8570-4BDAA6E6A1C6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:ascend_p6_edge-t00_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B898111-879C-44C5-AC94-4B8273A55119", "versionEndIncluding": "v100r001c01b508sp01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:ascend_p6_edge-t00:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B43CA15-4E80-42C3-9548-512F305A5C37", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:ascend_p6_edge-c00_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "867F1A1D-E06F-4EBB-BEAC-9111EEBDEBE4", "versionEndIncluding": "v100r001c92b508sp02", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:ascend_p6_edge-c00:-:*:*:*:*:*:*:*", "matchCriteriaId": "7591E2F7-8CE2-4AEB-B21F-BCCAB491DF13", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Apps on Huawei Ascend P6 mobile phones with software EDGE-U00 V100R001C17B508SP01 and earlier versions before V100R001C17B508SP02; EDGE-T00 V100R001C01B508SP01 and earlier versions before V100R001C01B508SP02; EDGE-C00 V100R001C92B508SP02 and earlier versions before V100R001C92B508SP03 can capture screens without the root permission. As a result, user information can be leaked by malware on Ascend P6 mobile phones."}, {"lang": "es", "value": "Aplicaciones en tel\u00e9fonos m\u00f3viles Huawei Ascend P6 con software EDGE-U00 V100R001C17B508SP01 y versiones anteriores a V100R001C17B508SP02; EDGE-T00 V100R001C01B508SP01 y versiones anteriores a V100R001C01B508SP02; EDGE-C00 V100R001C92B508SP02 y versiones anteriores a V100R001C92B508SP03 pueden capturar pantallas sin el permiso de root. Como resultado, la informaci\u00f3n del usuario puede ser filtrada por malware en tel\u00e9fonos m\u00f3viles Ascend P6."}], "id": "CVE-2014-8571", "lastModified": "2017-04-05T18:50:45.960", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-02T20:59:00.377", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/hw-372118"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}