var-201704-0500
Vulnerability from variot
Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions earlier than 6.9.16 could allow attackers to disable the PXN defense mechanism by invoking related drive code to crash the system or escalate privilege. HuaweiHonor is a smartphone product of China Huawei. Huawei mobile phone has a PXN protection mechanism failure security vulnerability. Due to the security vulnerabilities of PXN (Privileged Execute-Never) protection mechanism in the driver code of Huawei mobile phones, the attacker can induce users to install malicious applications. The application can close the PXN protection mechanism by calling the relevant driver code, resulting in rejection. Service attack. Multiple Huawei Products are prone to a local privilege-escalation. An attacker can exploit this issue to gain elevated privileges or crash the system resulting in a denial-of-service condition. Note: This issue was previously titled 'Multiple Huawei Products CVE-2016-8768 Local Denial of Service Vulnerability'. The title and technical details have been changed to better reflect the underlying component affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0500",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "honor 7",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": null
},
{
"model": "honor 6",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": null
},
{
"model": "honor 6 plus",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": null
},
{
"model": "honor 6 plus",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "6.9.16"
},
{
"model": "honor 6",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "6.9.16"
},
{
"model": "honor 7",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "6.9.16"
},
{
"model": "glory",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "6\u003c6.9.16"
},
{
"model": "glory plus",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "6\u003c6.9.16"
},
{
"model": "glory",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "7\u003c6.9.16"
},
{
"model": "honor",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "76.9"
},
{
"model": "honor plus",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "66.9"
},
{
"model": "honor",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "66.9"
},
{
"model": "honor",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": "76.9.16"
},
{
"model": "honor plus",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": "66.9.16"
},
{
"model": "honor",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": "66.9.16"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10430"
},
{
"db": "BID",
"id": "93885"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008264"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-763"
},
{
"db": "NVD",
"id": "CVE-2016-8768"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:honor_6_plus_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:honor6_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:honor_7_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008264"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zhao Jianqiang, Chen Gengjia, Wang Qize, Zhu Bin and Pan Yu.",
"sources": [
{
"db": "BID",
"id": "93885"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-763"
}
],
"trust": 0.9
},
"cve": "CVE-2016-8768",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-8768",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 1.2,
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.9,
"id": "CNVD-2016-10430",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-97588",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2016-8768",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-8768",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-8768",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-10430",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-763",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-97588",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10430"
},
{
"db": "VULHUB",
"id": "VHN-97588"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008264"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-763"
},
{
"db": "NVD",
"id": "CVE-2016-8768"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions earlier than 6.9.16 could allow attackers to disable the PXN defense mechanism by invoking related drive code to crash the system or escalate privilege. HuaweiHonor is a smartphone product of China Huawei. Huawei mobile phone has a PXN protection mechanism failure security vulnerability. Due to the security vulnerabilities of PXN (Privileged Execute-Never) protection mechanism in the driver code of Huawei mobile phones, the attacker can induce users to install malicious applications. The application can close the PXN protection mechanism by calling the relevant driver code, resulting in rejection. Service attack. Multiple Huawei Products are prone to a local privilege-escalation. \nAn attacker can exploit this issue to gain elevated privileges or crash the system resulting in a denial-of-service condition. \nNote: This issue was previously titled \u0027Multiple Huawei Products CVE-2016-8768 Local Denial of Service Vulnerability\u0027. The title and technical details have been changed to better reflect the underlying component affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8768"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008264"
},
{
"db": "CNVD",
"id": "CNVD-2016-10430"
},
{
"db": "BID",
"id": "93885"
},
{
"db": "VULHUB",
"id": "VHN-97588"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8768",
"trust": 3.4
},
{
"db": "BID",
"id": "93885",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008264",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201610-763",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-10430",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-97588",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10430"
},
{
"db": "VULHUB",
"id": "VHN-97588"
},
{
"db": "BID",
"id": "93885"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008264"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-763"
},
{
"db": "NVD",
"id": "CVE-2016-8768"
}
]
},
"id": "VAR-201704-0500",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10430"
},
{
"db": "VULHUB",
"id": "VHN-97588"
}
],
"trust": 1.4945112999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10430"
}
]
},
"last_update_date": "2024-11-23T22:07:28.545000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20161026-01-pxn",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-pxn-en"
},
{
"title": "Huawei mobile phone has a patch for PXN protection mechanism failure security vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/83312"
},
{
"title": "Huawei Honor6 , Honor6P and Honor7 Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65117"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10430"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008264"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-763"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-254",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97588"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008264"
},
{
"db": "NVD",
"id": "CVE-2016-8768"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/93885"
},
{
"trust": 2.0,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-pxn-en"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8768"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8768"
},
{
"trust": 0.6,
"url": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20161026-01-pxn-cn"
},
{
"trust": 0.3,
"url": "http://www.huawei.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10430"
},
{
"db": "VULHUB",
"id": "VHN-97588"
},
{
"db": "BID",
"id": "93885"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008264"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-763"
},
{
"db": "NVD",
"id": "CVE-2016-8768"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-10430"
},
{
"db": "VULHUB",
"id": "VHN-97588"
},
{
"db": "BID",
"id": "93885"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008264"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-763"
},
{
"db": "NVD",
"id": "CVE-2016-8768"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10430"
},
{
"date": "2017-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-97588"
},
{
"date": "2016-10-26T00:00:00",
"db": "BID",
"id": "93885"
},
{
"date": "2017-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008264"
},
{
"date": "2016-10-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-763"
},
{
"date": "2017-04-02T20:59:01.360000",
"db": "NVD",
"id": "CVE-2016-8768"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10430"
},
{
"date": "2017-04-11T00:00:00",
"db": "VULHUB",
"id": "VHN-97588"
},
{
"date": "2016-12-20T03:02:00",
"db": "BID",
"id": "93885"
},
{
"date": "2017-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008264"
},
{
"date": "2016-10-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-763"
},
{
"date": "2024-11-21T03:00:01.270000",
"db": "NVD",
"id": "CVE-2016-8768"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-763"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Huawei In smartphone software PXN Vulnerability that disables the defense mechanism",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008264"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-763"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.