CVE-2017-2704
CVSS V2 Medium 5
CVSS V3 High 7.5
Description
Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlier versions,HiWallet 8.0.0.301 and earlier versions,Huawei Pay 8.0.0.300 and earlier versions,Skytone 8.1.2.300 and earlier versions,HwCloudDrive(EMUI6.0) 8.0.0.307 and earlier versions,HwPhoneFinder(EMUI6.0) 9.3.0.310 and earlier versions,HwPhoneFinder(EMUI5.1) 9.2.2.303 and earlier versions,HiCinema 8.0.2.300 and earlier versions,HuaweiWear 21.0.0.360 and earlier versions,HiHealthApp 3.0.3.300 and earlier versions have an information exposure vulnerability. Encryption keys are stored in the system. The attacker can implement reverse engineering to obtain the encryption keys, causing information exposure.
Overview
- CVE ID
- CVE-2017-2704
- Assigner
- psirt@huawei.com
- Vulnerability Status
- Analyzed
- Published Version
- 2017-11-22T19:29:00
- Last Modified Date
- 2020-04-02T16:01:29
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:huawei:smarthome:*:*:*:*:*:*:*:* | 1 | OR | 1.0.2.364 | |
| cpe:2.3:a:huawei:hiapp:*:*:*:*:*:*:*:* | 1 | OR | 7.3.0.303 | |
| cpe:2.3:a:huawei:hwparentcontrol:*:*:*:*:*:*:*:* | 1 | OR | 2.0.0 | |
| cpe:2.3:a:huawei:hwparentcontrolparent:*:*:*:*:*:*:*:* | 1 | OR | 5.1.0.12 | |
| cpe:2.3:a:huawei:crowdtest:*:*:*:*:*:*:*:* | 1 | OR | 1.5.3 | |
| cpe:2.3:a:huawei:hiwallet:*:*:*:*:*:*:*:* | 1 | OR | 8.0.0.301 | |
| cpe:2.3:a:huawei:huawei_pay:*:*:*:*:*:*:*:* | 1 | OR | 8.0.0.300 | |
| cpe:2.3:a:huawei:skytone:*:*:*:*:*:*:*:* | 1 | OR | 8.1.2.300 | |
| cpe:2.3:o:huawei:hwclouddrive\(emui6.0\):*:*:*:*:*:*:*:* | 1 | OR | 8.0.0.307 | |
| cpe:2.3:a:huawei:hwphonefinder\(emui6.0\):*:*:*:*:*:*:*:* | 1 | OR | 9.3.0.310 | |
| cpe:2.3:a:huawei:hwphonefinder\(emui5.1\):*:*:*:*:*:*:*:* | 1 | OR | 9.2.2.303 | |
| cpe:2.3:a:huawei:hicinema:*:*:*:*:*:*:*:* | 1 | OR | 8.0.2.300 | |
| cpe:2.3:a:huawei:huaweiwear:*:*:*:*:*:*:*:* | 1 | OR | 21.0.0.360 | |
| cpe:2.3:a:huawei:hihealthapp:*:*:*:*:*:*:*:* | 1 | OR | 3.0.3.300 |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:L/Au:N/C:P/I:N/A:N
- Access Vector
- NETWORK
- Access Compatibility
- LOW
- Authentication
- NONE
- Confidentiality Impact
- PARTIAL
- Integrity Impact
- NONE
- Availability Impact
- NONE
- Base Score
- 5
- Severity
- MEDIUM
- Exploitability Score
- 10
- Impact Score
- 2.9
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Attack Vector
- NETWORK
- Attack Compatibility
- LOW
- Privileges Required
- NONE
- User Interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality Impact
- HIGH
- Availability Impact
- NONE
- Base Score
- 7.5
- Base Severity
- HIGH
- Exploitability Score
- 3.9
- Impact Score
- 3.6
References
| Reference URL | Reference Tags |
|---|---|
| http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-encryption-en | Vendor Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2017-2704 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2704 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 16:45:34 | Added to TrackCVE | |||
| 2022-12-02 23:19:57 | 2017-11-22T19:29Z | 2017-11-22T19:29:00 | CVE Published Date | updated |
| 2022-12-02 23:19:57 | 2020-04-02T16:01:29 | CVE Modified Date | updated | |
| 2022-12-02 23:19:57 | Analyzed | Vulnerability Status | updated |