CVE-2017-8154 - OpenCVE

The Themes App Honor 8 Lite Huawei mobile phones with software of versions before Prague-L31C576B172, versions before Prague-L31C530B160, versions before Prague-L31C432B180 has a man-in-the-middle (MITM) vulnerability due to the use of the insecure HTTP protocol for theme download. An attacker may exploit this vulnerability to tamper with downloaded themes.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:H/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Huawei	Honor 8 Lite Honor 8 Lite Firmware

Configuration 1 [-]

AND

cpe:2.3:o:huawei:honor_8_lite_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:honor_8_lite:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:huawei:honor_8_lite_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:honor_8_lite:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:huawei:honor_8_lite_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:honor_8_lite:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170908-01-smartphone-en	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: huawei

Published: 2018-04-11T17:00:00

Updated: 2018-04-11T16:57:01

Reserved: 2017-04-25T00:00:00

Link: CVE-2017-8154

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-04-11T17:29:00.257

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-8154

JSON object: View

Redhat Information

No data.

CWE

CWE-319

{"containers": {"cna": {"affected": [{"product": "Honor 8 Lite", "vendor": "Huawei Technologies Co., Ltd.", "versions": [{"status": "affected", "version": "The versions before Prague-L31C576B172, The versions before Prague-L31C530B160, The versions before Prague-L31C432B180"}]}], "datePublic": "2017-09-08T00:00:00", "descriptions": [{"lang": "en", "value": "The Themes App Honor 8 Lite Huawei mobile phones with software of versions before Prague-L31C576B172, versions before Prague-L31C530B160, versions before Prague-L31C432B180 has a man-in-the-middle (MITM) vulnerability due to the use of the insecure HTTP protocol for theme download. An attacker may exploit this vulnerability to tamper with downloaded themes."}], "problemTypes": [{"descriptions": [{"description": "MITM", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-04-11T16:57:01", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170908-01-smartphone-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2017-8154", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Honor 8 Lite", "version": {"version_data": [{"version_value": "The versions before Prague-L31C576B172, The versions before Prague-L31C530B160, The versions before Prague-L31C432B180"}]}}]}, "vendor_name": "Huawei Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Themes App Honor 8 Lite Huawei mobile phones with software of versions before Prague-L31C576B172, versions before Prague-L31C530B160, versions before Prague-L31C432B180 has a man-in-the-middle (MITM) vulnerability due to the use of the insecure HTTP protocol for theme download. An attacker may exploit this vulnerability to tamper with downloaded themes."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "MITM"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170908-01-smartphone-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170908-01-smartphone-en"}]}}}}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2017-8154", "datePublished": "2018-04-11T17:00:00", "dateReserved": "2017-04-25T00:00:00", "dateUpdated": "2018-04-11T16:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:honor_8_lite_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3DF33DB-3A11-42AE-855C-9E85BC1F0FC5", "versionEndExcluding": "prague-l31c530b160", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:honor_8_lite:-:*:*:*:*:*:*:*", "matchCriteriaId": "E9A76E53-8352-4639-97D4-EC8CB1BED996", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:honor_8_lite_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E8C6DF2-9FA8-4E43-8DBE-00988DB65399", "versionEndExcluding": "prague-l31c576b172", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:honor_8_lite:-:*:*:*:*:*:*:*", "matchCriteriaId": "E9A76E53-8352-4639-97D4-EC8CB1BED996", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:honor_8_lite_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F09593D-5FC0-401E-9A5F-1222B7D959CB", "versionEndExcluding": "prague-l31c432b180", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:honor_8_lite:-:*:*:*:*:*:*:*", "matchCriteriaId": "E9A76E53-8352-4639-97D4-EC8CB1BED996", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The Themes App Honor 8 Lite Huawei mobile phones with software of versions before Prague-L31C576B172, versions before Prague-L31C530B160, versions before Prague-L31C432B180 has a man-in-the-middle (MITM) vulnerability due to the use of the insecure HTTP protocol for theme download. An attacker may exploit this vulnerability to tamper with downloaded themes."}, {"lang": "es", "value": "Los tel\u00e9fonos m\u00f3viles Themes App Honor 8 Lite Huawei con versiones de software anteriores a Prague-L31C576B172, anteriores a Prague-L31C530B160 y anteriores a Prague-L31C432B180 tienen una vulnerabilidad Man-in-the-Middle (MitM) debido al uso del protocolo no seguro HTTP para la descarga de temas. Un atacante podr\u00eda explotar esta vulnerabilidad para manipular temas descargados."}], "id": "CVE-2017-8154", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-04-11T17:29:00.257", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170908-01-smartphone-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "nvd@nist.gov", "type": "Primary"}]}