nvd-json-data-feeds/CVE-2017/CVE-2017-27xx/CVE-2017-2715.json

{
  "id": "CVE-2017-2715",
  "sourceIdentifier": "psirt@huawei.com",
  "published": "2017-11-22T19:29:01.117",
  "lastModified": "2017-12-11T16:55:27.967",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "The Files APP 7.1.1.309 and earlier versions in some Huawei mobile phones has a brute-force password cracking vulnerability due to the improper design of the Safe key database. An unauthorized attacker could access sensitive database information and may crack users' Safe passwords, leading to information leak."
    },
    {
      "lang": "es",
      "value": "Files APP en su versi\u00f3n 7.1.1.309 y anteriores en algunos tel\u00e9fonos m\u00f3viles Huawei tiene una vulnerabilidad de descifrado de contrase\u00f1as por fuerza bruta debido al dise\u00f1o inadecuado de la base de datos de Safe key. Un atacante no autorizado podr\u00eda acceder a informaci\u00f3n sensible de la base de datos y podr\u00eda descifrar las contrase\u00f1as Safe de los usuarios, lo que conduce a un filtrado de informaci\u00f3n."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector": "LOCAL",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1
        },
        "baseSeverity": "LOW",
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "acInsufInfo": true,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:huawei:files:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "7.1.1.309",
              "matchCriteriaId": "BC4CA7CB-4ABD-4B9A-8F5E-7F8AAC485DD4"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170425-01-files-en",
      "source": "psirt@huawei.com",
      "tags": [
        "VDB Entry"
      ]
    }
  ]
}