Sign-up

ID

VAR-201703-0843


CVE

CVE-2017-0509


TITLE

Broadcom Wi-Fi Vulnerability that could elevate privileges in drivers

Trust: 0.8

sources: JVNDB: JVNDB-2017-002030

DESCRIPTION

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-32124445. References: B-RB#110688. HuaweiSmartPhoneP9 is a smartphone from China's Huawei company. WifiDriver is its wireless network card driver. A local buffer overflow vulnerability exists in previous versions of HuaweiSmartPhoneP9EVA-AL10C00B352. This leads to a denial of service condition. The attacker can induce the user to install a malicious application, so that the application can use the vulnerability to send specific parameters to the mobile phone, resulting in system restart or user privilege escalation. Huawei Smart Phone P9 is prone to a local buffer-overflow vulnerability. Versions prior to Huawei P9 EVA-AL10C00B352 is vulnerable. This vulnerability also affects Google Android devices and is tracked by Android Bug ID A-32124445

Trust: 3.33

sources: NVD: CVE-2017-0509 // JVNDB: JVNDB-2017-002030 // CNVD: CNVD-2016-12998 // CNVD: CNVD-2016-12340 // BID: 94943 // BID: 96797 // VULMON: CVE-2017-0509

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 1.2

sources: CNVD: CNVD-2016-12998 // CNVD: CNVD-2016-12340

AFFECTED PRODUCTS

vendor:googlemodel:androidscope:eqversion:7.1.1

Trust: 1.2

vendor:googlemodel:androidscope:lteversion:7.1.1

Trust: 1.0

vendor:googlemodel:androidscope: - version: -

Trust: 0.8

vendor:huaweimodel:smart phone p9 <eva-al10c00b352scope: - version: -

Trust: 0.6

vendor:huaweimodel:p9 <eva-al10c00b352scope: - version: -

Trust: 0.6

vendor:googlemodel:androidscope:eqversion:7.1.0

Trust: 0.6

vendor:huaweimodel:p9 eva-al10c00b195scope: - version: -

Trust: 0.3

vendor:huaweimodel:p9 eva-al10c00b193scope: - version: -

Trust: 0.3

vendor:huaweimodel:p9 eva-al10c00b192scope: - version: -

Trust: 0.3

vendor:huaweimodel:p9 eva-al10c00b190scope: - version: -

Trust: 0.3

vendor:huaweimodel:p9 eva-al10c00scope: - version: -

Trust: 0.3

vendor:huaweimodel:p9 eva-al00c00b352scope: - version: -

Trust: 0.3

vendor:huaweimodel:p9 eva-al10c00b352scope:neversion: -

Trust: 0.3

sources: CNVD: CNVD-2016-12998 // CNVD: CNVD-2016-12340 // BID: 94943 // BID: 96797 // JVNDB: JVNDB-2017-002030 // CNNVD: CNNVD-201702-613 // NVD: CVE-2017-0509

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-0509
value: HIGH

Trust: 1.0

NVD: CVE-2017-0509
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-12998
value: HIGH

Trust: 0.6

CNVD: CNVD-2016-12340
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201702-613
value: HIGH

Trust: 0.6

VULMON: CVE-2017-0509
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-0509
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2016-12998
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CNVD: CNVD-2016-12340
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-0509
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-12998 // CNVD: CNVD-2016-12340 // VULMON: CVE-2017-0509 // JVNDB: JVNDB-2017-002030 // CNNVD: CNNVD-201702-613 // NVD: CVE-2017-0509

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.8

sources: JVNDB: JVNDB-2017-002030 // NVD: CVE-2017-0509

THREAT TYPE

local

Trust: 0.9

sources: BID: 94943 // CNNVD: CNNVD-201702-613

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201702-613

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-002030

PATCH
title:Android Security Bulletin-March 2017url:https://source.android.com/security/bulletin/2017-03-01.html
Trust: 0.8
title:HuaweiSmartPhoneP9Wi-FIDriver Local Buffer Overflow Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/86617
Trust: 0.6
title:HuaweiP9 mobile Wi-Fi driver has a buffer overflow vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/85908
Trust: 0.6
title:Android Broadcom Wi-Fi Fixes for driver permission and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68202
Trust: 0.6
title:Android Security Bulletins: Android Security Bulletin—March 2017url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=65d776aaa82a91341631d2aa61736067
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-12998 // 
            
            
            
            CNVD: CNVD-2016-12340 // 
            
            
            
            VULMON: CVE-2017-0509 // 
            
            
            
            JVNDB: JVNDB-2017-002030 // 
            
            
            
            CNNVD: CNNVD-201702-613

EXTERNAL IDS
db:NVDid:CVE-2017-0509
Trust: 3.7
db:BIDid:94943
Trust: 2.6
db:BIDid:96797
Trust: 2.0
db:SECTRACKid:1037968
Trust: 1.7
db:JVNDBid:JVNDB-2017-002030
Trust: 0.8
db:CNVDid:CNVD-2016-12998
Trust: 0.6
db:CNVDid:CNVD-2016-12340
Trust: 0.6
db:CNNVDid:CNNVD-201702-613
Trust: 0.6
db:VULMONid:CVE-2017-0509
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-12998 // 
            
            
            
            CNVD: CNVD-2016-12340 // 
            
            
            
            VULMON: CVE-2017-0509 // 
            
            
            
            BID: 94943 // 
            
            
            
            BID: 96797 // 
            
            
            
            JVNDB: JVNDB-2017-002030 // 
            
            
            
            CNNVD: CNNVD-201702-613 // 
            
            
            
            NVD: CVE-2017-0509

REFERENCES
url:http://www.securityfocus.com/bid/94943
Trust: 3.0
url:http://www.securityfocus.com/bid/96797
Trust: 2.9
url:https://source.android.com/security/bulletin/2017-03-01.html
Trust: 2.4
url:http://www.securitytracker.com/id/1037968
Trust: 1.7
url:https://source.android.com/security/bulletin/2017-03-01
Trust: 1.1
url:http://code.google.com/android/
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0509
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-0509
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20161214-02-smartphone-cn
Trust: 0.6
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161214-02-smartphone-en
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-12998 // 
            
            
            
            CNVD: CNVD-2016-12340 // 
            
            
            
            VULMON: CVE-2017-0509 // 
            
            
            
            BID: 94943 // 
            
            
            
            BID: 96797 // 
            
            
            
            JVNDB: JVNDB-2017-002030 // 
            
            
            
            CNNVD: CNNVD-201702-613 // 
            
            
            
            NVD: CVE-2017-0509

CREDITS
Gengjia Chen (@chengjia4574) and pjf of IceSword Lab,Gengjia Chen from Icesword Lab of Qihoo 360 Technology Co. Ltd., Qihoo 360 Technology Co. Ltd.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201702-613

SOURCES
db:CNVDid:CNVD-2016-12998
db:CNVDid:CNVD-2016-12340
db:VULMONid:CVE-2017-0509
db:BIDid:94943
db:BIDid:96797
db:JVNDBid:JVNDB-2017-002030
db:CNNVDid:CNNVD-201702-613
db:NVDid:CVE-2017-0509

LAST UPDATE DATE
2024-08-14T12:04:25.698000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-12998date:2016-12-26T00:00:00
db:CNVDid:CNVD-2016-12340date:2016-12-15T00:00:00
db:VULMONid:CVE-2017-0509date:2019-10-03T00:00:00
db:BIDid:94943date:2019-05-30T16:00:00
db:BIDid:96797date:2019-05-30T16:00:00
db:JVNDBid:JVNDB-2017-002030date:2017-03-27T00:00:00
db:CNNVDid:CNNVD-201702-613date:2019-10-23T00:00:00
db:NVDid:CVE-2017-0509date:2019-10-03T00:03:26.223

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-12998date:2016-12-26T00:00:00
db:CNVDid:CNVD-2016-12340date:2016-12-15T00:00:00
db:VULMONid:CVE-2017-0509date:2017-03-08T00:00:00
db:BIDid:94943date:2016-12-14T00:00:00
db:BIDid:96797date:2017-03-06T00:00:00
db:JVNDBid:JVNDB-2017-002030date:2017-03-27T00:00:00
db:CNNVDid:CNNVD-201702-613date:2017-02-20T00:00:00
db:NVDid:CVE-2017-0509date:2017-03-08T01:59:02.407