Lucene search

[email protected]CVE-2017-17171

HistoryJun 01, 2018 - 2:29 p.m.

CVE-2017-17171

2018-06-0114:29:00

CWE-20

[email protected]

web.nvd.nist.gov

huawei

smartphones

denial of service

vulnerability

improper processing

malicious parameters

dos

apk

pre-installed app

specific permissions

exploit

system restart

nvd

6.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:N/I:N/A:C

4.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

4.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Some Huawei smart phones have the denial of service (DoS) vulnerability due to the improper processing of malicious parameters. An attacker may trick a target user into installing a malicious APK and launch attacks using a pre-installed app with specific permissions. Successful exploit could allow the app to send specific parameters to the smart phone driver, which will result in system restart.

Affected configurations

NVD

Node

huaweimate_8_firmwareRange<nxt-al10c00b593

AND

huaweimate_8Match-

Node

huaweimate_8_firmwareRange<nxt-cl00c92b593

AND

huaweimate_8Match-

Node

huaweimate_8_firmwareRange<nxt-dl00c17b593

AND

huaweimate_8Match-

Node

huaweimate_8_firmwareRange<nxt-l09c636b598a

AND

huaweimate_8Match-

Node

huaweimate_8_firmwareRange<nxt-l09c185b583

AND

huaweimate_8Match-

Node

huaweimate_8_firmwareRange<nxt-l09c432b582

AND

huaweimate_8Match-

Node

huaweimate_8_firmwareRange<nxt-l09c605b585custc605d590

AND

huaweimate_8Match-

Node

huaweimate_8_firmwareRange<nxt-l29c10b583

AND

huaweimate_8Match-

Node

huaweimate_8_firmwareRange<nxt-l29c185b585

AND

huaweimate_8Match-

Node

huaweimate_8_firmwareRange<nxt-l29c636b594a

AND

huaweimate_8Match-

Node

huaweimate_8_firmwareRange<nxtl00c01b593

AND

huaweimate_8Match-

Node

huaweip9_firmwareRange<eva-al00c00b398

AND

huaweip9Match-

Node

huaweip9_firmwareRange<eva-al10c00b398

AND

huaweip9Match-

Node

huaweip9_firmwareRange<eva-cl00c92b398

AND

huaweip9Match-

Node

huaweip9_firmwareRange<eva-dl00c17b398

AND

huaweip9Match-

Node

huaweip9_firmwareRange<eva-l09c185b391

AND

huaweip9Match-

Node

huaweip9_firmwareRange<eva-l09c432b395

AND

huaweip9Match-

Node

huaweip9_firmwareRange<eva-l09c464b383

AND

huaweip9Match-

Node

huaweip9_firmwareRange<eva-l09c605b392

AND

huaweip9Match-

Node

huaweip9_firmwareRange≤eva-l09c636b388

AND

huaweip9Match-

Node

huaweip9_firmwareRange<eva-l19c10b394

AND

huaweip9Match-

Node

huaweip9_firmwareRange<eva-l19c432b392

AND

huaweip9Match-

Node

huaweip9_firmwareRange<eva-l19c605b390

AND

huaweip9Match-

Node

huaweip9_firmwareRange<eva-l19c636b393

AND

huaweip9Match-

Node

huaweip9_firmwareRange<eva-l29c636b389

AND

huaweip9Match-

Node

huaweip9_firmwareRange<eva-tl00c01b398

AND

huaweip9Match-

Node

huaweip9_plus_firmwareRange<vie-l09c318b182

AND

huaweip9_plusMatch-

Node

huaweip9_plus_firmwareRange<vie-l09c432b380

AND

huaweip9_plusMatch-

Node

huaweip9_plus_firmwareRange<vie-l09c576b180

AND

huaweip9_plusMatch-

Node

huaweip9_plus_firmwareRange<vie-l29c605b370

AND

huaweip9_plusMatch-

Node

huaweip9_plus_firmwareRange<vie-l29c636b388

AND

huaweip9_plusMatch-

CPENameOperatorVersion
huawei:mate_8_firmwarehuawei mate 8 firmwareltnxt-al10c00b593

CPE	Name	Operator	Version
huawei:mate_8_firmware	huawei mate 8 firmware	lt	nxt-al10c00b593

CNA Affected

[
  {
    "product": "HUAWEI Mate 8; HUAWEI P9; HUAWEI P9 Plus",
    "vendor": "Huawei Technologies Co., Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "HUAWEI Mate 8 Versions earlier than NXT-AL10C00B592"
      },
      {
        "status": "affected",
        "version": "Versions earlier than NXT-CL00C92B592"
      },
      {
        "status": "affected",
        "version": "Versions earlier than NXT-DL00C17B592"
      },
      {
        "status": "affected",
        "version": "Versions earlier than NXT-L09AC636B220"
      },
      {
        "status": "affected",
        "version": "Versions earlier than NXT-L09C185B582"
      },
      {
        "status": "affected",
        "version": "Versions earlier than NXT-L09C432B581"
      },
      {
        "status": "affected",
        "version": "Versions earlier than NXT-L09C605B585"
      },
      {
        "status": "affected",
        "version": "Versions earlier than NXT-L29C10B580"
      },
      {
        "status": "affected",
        "version": "Versions earlier than NXT-L29C185B582"
      },
      {
        "status": "affected",
        "version": "Versions earlier than NXT-L29C636B589"
      },
      {
        "status": "affected",
        "version": "Versions earlier than NXT-TL00C01B592"
      },
      {
        "status": "affected",
        "version": "HUAWEI P9 Versions earlier than EVA-AL00C00B398"
      },
      {
        "status": "affected",
        "version": "Versions earlier than EVA-AL10C00B398"
      },
      {
        "status": "affected",
        "version": "Versions earlier than EVA-CL00C92B398"
      },
      {
        "status": "affected",
        "version": "Versions earlier than EVA-DL00C17B398"
      },
      {
        "status": "affected",
        "version": "Versions earlier than EVA-L09C185B391"
      },
      {
        "status": "affected",
        "version": "Versions earlier than EVA-L09C432B395"
      },
      {
        "status": "affected",
        "version": "Versions earlier than EVA-L09C464B383"
      },
      {
        "status": "affected",
        "version": "Versions earlier than EVA-L09C605B392"
      },
      {
        "status": "affected",
        "version": "Versions earlier than EVA-L09C635B391"
      },
      {
        "status": "affected",
        "version": "Versions earlier than EVA-L09C636B388"
      },
      {
        "status": "affected",
        "version": "Versions earlier than EVA-L19C10B394"
      },
      {
        "status": "affected",
        "version": "Versions earlier than EVA-L19C432B392"
      },
      {
        "status": "affected",
        "version": "Versions earlier than EVA-L19C605B390"
      },
      {
        "status": "affected",
        "version": "Versions earlier than EVA-L19C636B393"
      },
      {
        "status": "affected",
        "version": "Versions earlier than EVA-L29C636B389"
      },
      {
        "status": "affected",
        "version": "Versions earlier than EVA-TL00C01B398"
      },
      {
        "status": "affected",
        "version": "HUAWEI P9 Plus Versions earlier than VIE-L09C318B182"
      },
      {
        "status": "affected",
        "version": "Versions earlier than VIE-L09C432B380"
      },
      {
        "status": "affected",
        "version": "Versions earlier than VIE-L09C576B180"
      },
      {
        "status": "affected",
        "version": "Versions earlier than VIE-L29C605B370"
      },
      {
        "status": "affected",
        "version": "Versions earlier than VIE-L29C636B388"
      }
    ]
  }
]

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-smartphone

www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-smartphone-en

6.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:N/I:N/A:C

4.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

4.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2017-17171

prion1 nvd1 cvelist1 huawei1