Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2017-8144
HistoryNov 22, 2017 - 7:29 p.m.

CVE-2017-8144

2017-11-2219:29:03
CWE-920
[email protected]
web.nvd.nist.gov
31
cve-2017-8144
huawei
smartphones
resource exhaustion
vulnerability
configuration setting
security
nvd

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.5%

JSON

Honor 5A,Honor 8 Lite,Mate9,Mate9 Pro,P10,P10 Plus Huawei smartphones with software the versions before CAM-L03C605B143CUSTC605D003,the versions before Prague-L03C605B161,the versions before Prague-L23C605B160,the versions before MHA-AL00C00B225,the versions before LON-AL00C00B225,the versions before VTR-AL00C00B167,the versions before VTR-TL00C01B167,the versions before VKY-AL00C00B167,the versions before VKY-TL00C01B167 have a resource exhaustion vulnerability due to configure setting. An attacker tricks a user into installing a malicious application, the application may turn on the device flash-light and rapidly drain the device battery.

Affected configurations

NVD
Node
huaweihonor_5a_firmwareRange<cam-l03c605b143custc605d003
AND
huaweihonor_5aMatch-
Node
huaweihonor_8_lite_firmwareRange<prague-l03c605b161
AND
huaweihonor_8_liteMatch-
Node
huaweihonor_8_lite_firmwareRange<prague-l23c605b160
AND
huaweihonor_8_liteMatch-
Node
huaweimate_9_firmwareRange<mha-al00c00b225
AND
huaweimate_9Match-
Node
huaweimate_9_pro_firmwareRange<lon-al00c00b225
AND
huaweimate_9_proMatch-
Node
huaweip10_firmwareRange<vtr-al00c00b167
AND
huaweip10Match-
Node
huaweip10_firmwareRange<vtr-tl00c01b167
AND
huaweip10Match-
Node
huaweip10_plus_firmwareRange<vky-al00c00b167
AND
huaweip10_plusMatch-
Node
huaweip10_plus_firmwareRange<vky-tl00c01b167
AND
huaweip10_plusMatch-

CNA Affected

[
  {
    "product": "Honor 5A,Honor 8 Lite,Mate9,Mate9 Pro,P10,P10 Plus",
    "vendor": "Huawei Technologies Co., Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "The versions before CAM-L03C605B143CUSTC605D003,The versions before Prague-L03C605B161,The versions before Prague-L23C605B160,The versions before MHA-AL00C00B225,The versions before LON-AL00C00B225,The versions before VTR-AL00C00B167,The versions before VTR-TL00C01B167,The versions before VKY-AL00C00B167,The versions before VKY-TL00C01B167"
      }
    ]
  }
]

Related

prion 1
cvelist 1
nvd 1
huawei 1
prion
prion
Privilege escalation
2017-11-22 19:29:00
cvelist
cvelist
CVE-2017-8144
2017-11-15 00:00:00
nvd
nvd
CVE-2017-8144
2017-11-22 19:29:03
huawei
huawei
Security Advisory - Resource Exhaustion Vulnerability in Some Huawei Smartphones
2017-07-25 00:00:00

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.5%

JSON
Related for CVE-2017-8144
prion1cvelist1nvd1huawei1