CVE-2017-2732 - OpenCVE

Huawei Hilink APP Versions earlier before 5.0.25.306 has an information leak vulnerability. An attacker may trick a user into installing a malicious application and application can access Hilink APP data.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	Hilink

Configuration 1 [-]

cpe:2.3:a:huawei:hilink:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-hilinkapp-en

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2017-11-22T19:00:00Z

Updated: 2024-09-16T19:36:25.305Z

Reserved: 2016-12-01T00:00:00

Link: CVE-2017-2732

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-11-22T19:29:01.803

Modified: 2017-12-07T19:46:20.577

Link: CVE-2017-2732

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "HUAWEI HiLink APP (for IOS)", "vendor": "Huawei Technologies Co., Ltd.", "versions": [{"status": "affected", "version": "Versions earlier before 5.0.25.306"}]}], "datePublic": "2017-11-15T00:00:00", "descriptions": [{"lang": "en", "value": "Huawei Hilink APP Versions earlier before 5.0.25.306 has an information leak vulnerability. An attacker may trick a user into installing a malicious application and application can access Hilink APP data."}], "problemTypes": [{"descriptions": [{"description": "Information Leak", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-22T18:57:01", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-hilinkapp-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "DATE_PUBLIC": "2017-11-15T00:00:00", "ID": "CVE-2017-2732", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "HUAWEI HiLink APP (for IOS)", "version": {"version_data": [{"version_value": "Versions earlier before 5.0.25.306"}]}}]}, "vendor_name": "Huawei Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Huawei Hilink APP Versions earlier before 5.0.25.306 has an information leak vulnerability. An attacker may trick a user into installing a malicious application and application can access Hilink APP data."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Leak"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-hilinkapp-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-hilinkapp-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:02:07.650Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-hilinkapp-en"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2017-2732", "datePublished": "2017-11-22T19:00:00Z", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2024-09-16T19:36:25.305Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:huawei:hilink:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B82D912-DFCD-4030-A927-CA66AAB92B93", "versionEndExcluding": "5.0.25.306", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Huawei Hilink APP Versions earlier before 5.0.25.306 has an information leak vulnerability. An attacker may trick a user into installing a malicious application and application can access Hilink APP data."}, {"lang": "es", "value": "Huawei Hilink APP en versiones anteriores a la 5.0.25.306 tiene una vulnerabilidad de filtrado de informaci\u00f3n. Un atacante podr\u00eda enga\u00f1ar a un usuario para que instale una aplicaci\u00f3n maliciosa y que esta pueda acceder a los datos de Hilink."}], "id": "CVE-2017-2732", "lastModified": "2017-12-07T19:46:20.577", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-22T19:29:01.803", "references": [{"source": "psirt@huawei.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-hilinkapp-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}