Lucene search

K
huaweiHuawei TechnologiesHUAWEI-SA-20170405-01-SMARTPHONE
HistoryApr 05, 2017 - 12:00 a.m.

Security Advisory - Multiple Buffer Overflow Vulnerabilities in Bastet of Huawei Smart Phone

2017-04-0500:00:00
Huawei Technologies
www.huawei.com
27

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

42.8%

The Bastet of some Huawei mobile phones have three buffer overflow vulnerabilities due to the lack of parameter validation. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution. (Vulnerability ID: HWPSIRT-2017-02018,HWPSIRT-2017-02019 and HWPSIRT-2017-02020)

These vulnerabilities have been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-2724,CVE-2017-2725 and CVE-2017-2726.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en

Affected configurations

Vulners
Node
huaweip10_plusMatchvky-al00c00b123
OR
huaweip10Range<VTR-AL00C00B123

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

42.8%

Related for HUAWEI-SA-20170405-01-SMARTPHONE