8.8 High
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.3 High
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:C/I:C/A:C
0.024 Low
EPSS
Percentile
89.7%
There are multiple vulnerabilities of the BlueTooth Network in some Huawei products. These vulnerabilities are as follows:
1.Remote Code Execution Vulnerability
This vulnerability resides in the Bluetooth Network Encapsulation Protocol (BNEP) service, which enables internet sharing over a Bluetooth connection (tethering). Due to a flaw in the BNEP service, successful exploit of this vulnerability could allow an attacker to remotely execute arbitrary code on affected devices. (Vulnerability ID: HWPSIRT-2017-09131)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-0781.
2. Remote Code Execution vulnerability
This vulnerability is similar to the previous one, but resides in a higher level of the BNEP service – the Personal Area Networking (PAN) profile – which is responsible for establishing an IP based network connection between two devices. Similar to the previous vulnerability, successful exploit of this vulnerability could allow an attacker to remotely execute arbitrary code on affected devices. (Vulnerability ID: HWPSIRT-2017-09132)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-0782.
3. The Bluetooth Pineapple – Man in The Middle attack
This vulnerability resides in the PAN profile of the Bluetooth stack, and enables the attacker to create a malicious network interface on the victim’s device, re-configure IP routing and force the device to transmit all communication through the malicious network interface. This vulnerability could allow an attacker to launch man-in-the-middle (MITM) attacks. (Vulnerability ID: HWPSIRT-2017-09133)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-0783.
4. Information Leak Vulnerability
The vulnerability was found in the SDP (Service Discovery Protocol) server, which enables the device to identify other Bluetooth services around it. The flaw allows the attacker to send a set of crafted requests to the server, causing it to disclose memory bits in response. These pieces of information can later be used by the attacker to overcome advanced security measures and take control over the device. (Vulnerability ID: HWPSIRT-2017-09134)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-0785.
Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-blueborne-en
8.8 High
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.3 High
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:C/I:C/A:C
0.024 Low
EPSS
Percentile
89.7%