CVE-2017-17322

{"id": "CVE-2017-17322", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2018-03-09T17:29:01.923", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180309-01-ah-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}, {"url": "http://www.securityfocus.com/bid/103442", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Huawei Honor Smart Scale Application with software of 1.1.1 has an information disclosure vulnerability. The application does not sufficiently restrict the resource which can be accessed by certain protocol. An attacker could trick the user to click a malicious link, successful exploit could cause information disclosure."}, {"lang": "es", "value": "La aplicaci\u00f3n Huawei Honor Smart Scale 1.1.1 tiene una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n. La aplicaci\u00f3n no restringe lo suficiente el recurso al que se puede acceder por medio de cierto protocolo. Un atacante podr\u00eda enga\u00f1ar al usuario para que haga clic en un enlace malicioso, por lo que la explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar una divulgaci\u00f3n de informaci\u00f3n."}], "lastModified": "2018-03-26T16:48:24.217", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:honor_smart_scale_application_firmware:1.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "723021AF-AE1F-4487-B822-4C738AA17E1B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:honor_smart_scale_application:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F963FFC3-0533-4892-85E9-EC0EE959B42C"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}