Huawei TechnologiesHUAWEI-SA-20170908-01-SMARTPHONESecurity Advisory - MITM Vulnerability in Huawei Themes App in Some Mobile Phones
2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
29.4%
The Themes App in some Huawei mobile phones has a man-in-the-middle (MITM) vulnerability due to the use of the insecure HTTP protocol for theme download. An attacker may exploit this vulnerability to tamper with downloaded themes. (Vulnerability ID: HWPSIRT-2017-06263)
This vulnerability has been assigned a CVE ID: CVE-2017-8154.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170908-01-smartphone-en
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| honor 8 lite | eq | Prague-L31C576B172 | |
| honor 8 lite | eq | Prague-L31C530B160 | |
| honor 8 lite | eq | Prague-L31C432B180 |
Related
2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
29.4%