CVE-2017-15340

{"id": "CVE-2017-15340", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2018-02-15T16:29:00.783", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-05-smartphone-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}, {"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-05-smartphone-en", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Huawei smartphones with software of TAG-AL00C92B168 have an information disclosure vulnerability. An attacker tricks the user to install a crafted application, this application simulate click action to back up data in a non-encrypted way using an Android assist function. Successful exploit could result in information disclosure."}, {"lang": "es", "value": "Los smartphones Huawei con software TAG-AL00C92B168 tienen una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n. Un atacante enga\u00f1a a un usuario para que instale una aplicaci\u00f3n manipulada que simula una acci\u00f3n de clic para realizar una copia de seguridad de los datos de forma no cifrada mediante la funci\u00f3n Android assist. La explotaci\u00f3n con \u00e9xito podr\u00eda resultar en una divulgaci\u00f3n de informaci\u00f3n."}], "lastModified": "2024-11-21T03:14:30.073", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:tag-al00_firmware:tag-al00c92b168:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09874F25-A23B-4A16-86E6-9C0B05317F49"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:tag-al00:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3386F709-6AA6-404D-995E-B968A3A26376"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}