CVE-2017-2704 Information

Feb 14, 2021 cve

Description

Smarthome 1.0.2.364 and earlier versionsHiAPP 7.3.0.303 and earlier versionsHwParentControl 2.0.0 and earlier versionsHwParentControlParent 5.1.0.12 and earlier versionsCrowdtest 1.5.3 and earlier versionsHiWallet 8.0.0.301 and earlier versionsHuawei Pay 8.0.0.300 and earlier versionsSkytone 8.1.2.300 and earlier versionsHwCloudDrive(EMUI6.0) 8.0.0.307 and earlier versionsHwPhoneFinder(EMUI6.0) 9.3.0.310 and earlier versionsHwPhoneFinder(EMUI5.1) 9.2.2.303 and earlier versionsHiCinema 8.0.2.300 and earlier versionsHuaweiWear 21.0.0.360 and earlier versionsHiHealthApp 3.0.3.300 and earlier versions have an information exposure vulnerability. Encryption keys are stored in the system. The attacker can implement reverse engineering to obtain the encryption keys causing information exposure.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-encryption-en

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.5

Share on: