Lucene search

K
huaweiHuawei TechnologiesHUAWEI-SA-20151124-01-SMARTPHONE
HistoryNov 24, 2015 - 12:00 a.m.

Security Advisory - Memory Overflow Vulnerability in the Huawei Smartphone

2015-11-2400:00:00
Huawei Technologies
www.huawei.com
22

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

73.7%

There has a memory overflow vulnerability in Some Huawei mobile phone products. An attacker may exploit this vulnerability to gain the root access over the mobile phones. Then the attacker can further modify memory data and obtain sensitive information. (Vulnerability ID: HWPSIRT-2015-10046)

This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-0569,CVE-2015-0570,CVE-2015-0571.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/hw-462918

Affected configurations

Vulners
Node
huaweihonor_6_firmwareRange<SCL-AL00
OR
huaweihonor_6_firmwareRange<C00B200
OR
huaweihonor_6_firmwareRange<SCL-TL10H
OR
huaweihonor_6_firmwareRange<C00B200
OR
huaweihonor_6_firmwareRange<SCL-TL10
OR
huaweihonor_6_firmwareRange<C01B200
OR
huaweihonor_6_firmwareRange<SCL-CL00
OR
huaweihonor_6_firmwareRange<C92B200
VendorProductVersionCPE
huaweihonor_6_firmware*cpe:2.3:o:huawei:honor_6_firmware:*:*:*:*:*:*:*:*

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

73.7%