CVE-2017-8154 - OpenCVE

The Themes App Honor 8 Lite Huawei mobile phones with software of versions before Prague-L31C576B172, versions before Prague-L31C530B160, versions before Prague-L31C432B180 has a man-in-the-middle (MITM) vulnerability due to the use of the insecure HTTP protocol for theme download. An attacker may exploit this vulnerability to tamper with downloaded themes.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:H/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	Honor 8 Lite Honor 8 Lite Firmware

Configuration 1 [-]

AND

cpe:2.3:o:huawei:honor_8_lite_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:honor_8_lite:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:huawei:honor_8_lite_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:honor_8_lite:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:huawei:honor_8_lite_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:honor_8_lite:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170908-01-smartphone-en

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2018-04-11T17:00:00

Updated: 2024-08-05T16:27:22.436Z

Reserved: 2017-04-25T00:00:00

Link: CVE-2017-8154

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-04-11T17:29:00.257

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-8154

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Honor 8 Lite", "vendor": "Huawei Technologies Co., Ltd.", "versions": [{"status": "affected", "version": "The versions before Prague-L31C576B172, The versions before Prague-L31C530B160, The versions before Prague-L31C432B180"}]}], "datePublic": "2017-09-08T00:00:00", "descriptions": [{"lang": "en", "value": "The Themes App Honor 8 Lite Huawei mobile phones with software of versions before Prague-L31C576B172, versions before Prague-L31C530B160, versions before Prague-L31C432B180 has a man-in-the-middle (MITM) vulnerability due to the use of the insecure HTTP protocol for theme download. An attacker may exploit this vulnerability to tamper with downloaded themes."}], "problemTypes": [{"descriptions": [{"description": "MITM", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-04-11T16:57:01", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170908-01-smartphone-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2017-8154", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Honor 8 Lite", "version": {"version_data": [{"version_value": "The versions before Prague-L31C576B172, The versions before Prague-L31C530B160, The versions before Prague-L31C432B180"}]}}]}, "vendor_name": "Huawei Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Themes App Honor 8 Lite Huawei mobile phones with software of versions before Prague-L31C576B172, versions before Prague-L31C530B160, versions before Prague-L31C432B180 has a man-in-the-middle (MITM) vulnerability due to the use of the insecure HTTP protocol for theme download. An attacker may exploit this vulnerability to tamper with downloaded themes."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "MITM"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170908-01-smartphone-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170908-01-smartphone-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:27:22.436Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170908-01-smartphone-en"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2017-8154", "datePublished": "2018-04-11T17:00:00", "dateReserved": "2017-04-25T00:00:00", "dateUpdated": "2024-08-05T16:27:22.436Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:honor_8_lite_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3DF33DB-3A11-42AE-855C-9E85BC1F0FC5", "versionEndExcluding": "prague-l31c530b160", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:honor_8_lite:-:*:*:*:*:*:*:*", "matchCriteriaId": "E9A76E53-8352-4639-97D4-EC8CB1BED996", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:honor_8_lite_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E8C6DF2-9FA8-4E43-8DBE-00988DB65399", "versionEndExcluding": "prague-l31c576b172", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:honor_8_lite:-:*:*:*:*:*:*:*", "matchCriteriaId": "E9A76E53-8352-4639-97D4-EC8CB1BED996", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:honor_8_lite_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F09593D-5FC0-401E-9A5F-1222B7D959CB", "versionEndExcluding": "prague-l31c432b180", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:honor_8_lite:-:*:*:*:*:*:*:*", "matchCriteriaId": "E9A76E53-8352-4639-97D4-EC8CB1BED996", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Themes App Honor 8 Lite Huawei mobile phones with software of versions before Prague-L31C576B172, versions before Prague-L31C530B160, versions before Prague-L31C432B180 has a man-in-the-middle (MITM) vulnerability due to the use of the insecure HTTP protocol for theme download. An attacker may exploit this vulnerability to tamper with downloaded themes."}, {"lang": "es", "value": "Los tel\u00e9fonos m\u00f3viles Themes App Honor 8 Lite Huawei con versiones de software anteriores a Prague-L31C576B172, anteriores a Prague-L31C530B160 y anteriores a Prague-L31C432B180 tienen una vulnerabilidad Man-in-the-Middle (MitM) debido al uso del protocolo no seguro HTTP para la descarga de temas. Un atacante podr\u00eda explotar esta vulnerabilidad para manipular temas descargados."}], "id": "CVE-2017-8154", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-04-11T17:29:00.257", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170908-01-smartphone-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "nvd@nist.gov", "type": "Primary"}]}