PT-2017-15520 · Huawei · Honor 6

Published

2017-11-22

Updated

2017-12-11

CVE-2017-2733

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Honor 6X smartphones with software versions earlier than BLN-AL10C00B357 Honor 6X smartphones with software versions earlier than BLN-AL20C00B357

Description The issue is caused by improper file permission configuration, leading to an information leak. An attacker can trick a user into installing a malicious application, which can then access files containing the cipher text of the SIM card PIN.

Recommendations For versions earlier than BLN-AL10C00B357, update to a version BLN-AL10C00B357 or later. For versions earlier than BLN-AL20C00B357, update to a version BLN-AL20C00B357 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2017-2733

Affected Products

Honor 6

PT-2017-15520 · Huawei · Honor 6

CVE-2017-2733

Weakness Enumeration

Related Identifiers

Affected Products

References · 4