Information Leak Vulnerability in Honor 6X Smartphones by Huawei
CVE-2017-2733

5.5MEDIUM

Key Information:

Vendor: McAfee
Status: Honor 6x
Vendor: CVE Published:; 22 November 2017

Summary

The Honor 6X smartphones, when running software versions prior to BLN-AL10C00B357 and BLN-AL20C00B357, are susceptible to an information leak. This vulnerability arises from improper file permission configuration, enabling an attacker to deceive a user into installing a malicious application. Once installed, this application can gain access to files containing the cipher text of the SIM card PIN, potentially compromising users' sensitive information.

Affected Version(s)

Honor 6X Versions earlier than BLN-AL10C00B357, Versions earlier than BLN-AL20C00B357

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/97700

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2017
Vulnerability Reserved
Dec 1, 2016