CVE-2017-15340

Опубликовано: 15 фев. 2018

Источник: nvd

CVSS3: 5.5

CVSS2: 4.3

EPSS Низкий

Описание

Huawei smartphones with software of TAG-AL00C92B168 have an information disclosure vulnerability. An attacker tricks the user to install a crafted application, this application simulate click action to back up data in a non-encrypted way using an Android assist function. Successful exploit could result in information disclosure.

Ссылки

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-05-smartphone-en
Vendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-05-smartphone-en
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:huawei:tag-al00_firmware:tag-al00c92b168:*:*:*:*:*:*:*

cpe:2.3:h:huawei:tag-al00:-:*:*:*:*:*:*:*

EPSS

Процентиль: 29%

0.00106

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-gj3v-8h75-6w5j