Vulnerability Details : CVE-2017-2723
The Files APP 7.1.1.308 and earlier versions in some Huawei mobile phones has a vulnerability of plaintext storage of users' Safe passwords. An attacker with the root privilege of an Android system could forge the Safe to read users' plaintext Safe passwords, leading to information leak.
Exploit prediction scoring system (EPSS) score for CVE-2017-2723
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 10 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2017-2723
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
2.1
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
3.9
|
2.9
|
NIST |
|
6.7
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
0.8
|
5.9
|
NIST |
CWE ids for CVE-2017-2723
-
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-2723
-
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-01-files-en
Security Advisory - Plaintext Storage of Users’ Safe Passwords in the Files APP in Huawei Mobile PhonesVendor Advisory
Products affected by CVE-2017-2723
- cpe:2.3:a:huawei:files:*:*:*:*:*:*:*:*