var-201709-0053
Vulnerability from variot
Huawei P8 before GRA-CL00C92B210, before GRA-L09C432B200, before GRA-TL00C01B210, and before GRA-UL00C00B210 allows remote attackers to obtain user equipment (aka UE) measurements of signal strengths. Huawei P8 Contains an information disclosure vulnerability.Information may be obtained. HuaweiP8 is a smartphone product from China's Huawei company. The vulnerability stems from the P8 mobile phone failing to judge its own security status when sending specific signaling to the base station. The attacker can use the pseudo base station to construct a specific scenario to exploit the vulnerability to obtain signaling (including the userequipment (UE) wireless signal strength measurement value) before the P8 completes the security activation. The following versions are affected: Huawei versions prior to GRA-CL00C92B210, versions prior to GRA-L09C432B200, versions prior to GRA-TL00C01B210, versions prior to GRA-UL00C00B210
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-0053",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "p8",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": null
},
{
"model": "p8",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "gra-cl00c92b210"
},
{
"model": "p8",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "gra-l09c432b200"
},
{
"model": "p8",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "gra-tl00c01b210"
},
{
"model": "p8",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "gra-ul00c00b210"
},
{
"model": "p8",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "p8 \u003c=gra-cl00c92b210",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "p8 \u003c=gra-l09c432b200",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "p8 \u003c=gra-tl00c01b210",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "p8 \u003c=gra-ul00c00b210",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30096"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007908"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-961"
},
{
"db": "NVD",
"id": "CVE-2015-8224"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:p8_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007908"
}
]
},
"cve": "CVE-2015-8224",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2015-8224",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CNVD-2017-30096",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-86185",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.2,
"id": "CVE-2015-8224",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-8224",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2015-8224",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2017-30096",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-961",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-86185",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30096"
},
{
"db": "VULHUB",
"id": "VHN-86185"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007908"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-961"
},
{
"db": "NVD",
"id": "CVE-2015-8224"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei P8 before GRA-CL00C92B210, before GRA-L09C432B200, before GRA-TL00C01B210, and before GRA-UL00C00B210 allows remote attackers to obtain user equipment (aka UE) measurements of signal strengths. Huawei P8 Contains an information disclosure vulnerability.Information may be obtained. HuaweiP8 is a smartphone product from China\u0027s Huawei company. The vulnerability stems from the P8 mobile phone failing to judge its own security status when sending specific signaling to the base station. The attacker can use the pseudo base station to construct a specific scenario to exploit the vulnerability to obtain signaling (including the userequipment (UE) wireless signal strength measurement value) before the P8 completes the security activation. The following versions are affected: Huawei versions prior to GRA-CL00C92B210, versions prior to GRA-L09C432B200, versions prior to GRA-TL00C01B210, versions prior to GRA-UL00C00B210",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8224"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007908"
},
{
"db": "CNVD",
"id": "CNVD-2017-30096"
},
{
"db": "VULHUB",
"id": "VHN-86185"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-8224",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007908",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-961",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-30096",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-86185",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30096"
},
{
"db": "VULHUB",
"id": "VHN-86185"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007908"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-961"
},
{
"db": "NVD",
"id": "CVE-2015-8224"
}
]
},
"id": "VAR-201709-0053",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30096"
},
{
"db": "VULHUB",
"id": "VHN-86185"
}
],
"trust": 1.2752314999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30096"
}
]
},
"last_update_date": "2024-11-23T21:53:48.561000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Huawei-SA-20151029-01-UE",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-459832"
},
{
"title": "HuaweiP8 information disclosure vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/103638"
},
{
"title": "Huawei P8 Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75013"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30096"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007908"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-961"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86185"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007908"
},
{
"db": "NVD",
"id": "CVE-2015-8224"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-459832.htm"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8224"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8224"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30096"
},
{
"db": "VULHUB",
"id": "VHN-86185"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007908"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-961"
},
{
"db": "NVD",
"id": "CVE-2015-8224"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-30096"
},
{
"db": "VULHUB",
"id": "VHN-86185"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007908"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-961"
},
{
"db": "NVD",
"id": "CVE-2015-8224"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-30096"
},
{
"date": "2017-09-20T00:00:00",
"db": "VULHUB",
"id": "VHN-86185"
},
{
"date": "2017-10-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007908"
},
{
"date": "2017-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-961"
},
{
"date": "2017-09-20T16:29:00.787000",
"db": "NVD",
"id": "CVE-2015-8224"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-30096"
},
{
"date": "2017-09-23T00:00:00",
"db": "VULHUB",
"id": "VHN-86185"
},
{
"date": "2017-10-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007908"
},
{
"date": "2017-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-961"
},
{
"date": "2024-11-21T02:38:07.337000",
"db": "NVD",
"id": "CVE-2015-8224"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-961"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei P8 Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30096"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-961"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-961"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.