CVE-2017-2694

{"id": "CVE-2017-2694", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2017-11-22T19:29:00.397", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-vmall-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}, {"url": "http://www.securityfocus.com/bid/95915", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@huawei.com"}, {"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-vmall-en", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/95915", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-275"}]}], "descriptions": [{"lang": "en", "value": "The AlarmService component in HwVmall with software earlier than 1.5.2.0 versions has no control over calling permissions, allowing any third party to call. An attacker can construct a malicious application to call it. Consequently, alert music will be played suddenly, compromising user experience."}, {"lang": "es", "value": "El componente AlarmService en HwVmall con software en versiones anteriores a la 1.5.2.0 no tiene control sobre los permisos de llamada, permitiendo que cualquier tercero llame. Un atacante podr\u00eda construir una aplicaci\u00f3n maliciosa para llamarla. Consecuentemente, sonar\u00e1 de repente una m\u00fasica de alerta, comprometiendo la experiencia de usuario."}], "lastModified": "2024-11-21T03:23:59.767", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:huawei:vmall:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13DBABD6-A494-46B0-8A6D-07747DE2F385", "versionEndExcluding": "1.5.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@huawei.com"}