Sign-up

ID

VAR-201711-0229


CVE

CVE-2017-2713


TITLE

HUAWEI P9 Vulnerability related to input validation in smartphone software

Trust: 0.8

sources: JVNDB: JVNDB-2017-010807

DESCRIPTION

HUAWEI P9 smartphones with software versions earlier before EVA-L09C432B383, versions earlier before EVA-L09C636B380, versions earlier before VIE-L09C432B370, versions earlier before VIE-L29C636B370 have an insufficient input validation vulnerability. An attacker could exploit this vulnerability to tamper with air interface signaling messages and obtain some communication information. HUAWEI P9 Smartphone software contains a vulnerability related to input validation.Information may be obtained and information may be altered. HuaweiP9 is a smartphone from Huawei. The HuaweiP9 has an input verification vulnerability. The Huawei P9 is a smartphone from the Chinese company Huawei. Audio driver is one of the audio drivers. There is a security vulnerability in Huawei P9, the vulnerability is caused by the program not adequately validating the fields in the message

Trust: 2.25

sources: NVD: CVE-2017-2713 // JVNDB: JVNDB-2017-010807 // CNVD: CNVD-2017-05863 // VULHUB: VHN-110916

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-05863

AFFECTED PRODUCTS

vendor:huaweimodel:p9scope:ltversion:eva-l09c432b383

Trust: 1.8

vendor:huaweimodel:p9scope:ltversion:eva-l09c636b380

Trust: 1.8

vendor:huaweimodel:p9scope:ltversion:vie-l09c432b370

Trust: 1.8

vendor:huaweimodel:p9scope:ltversion:vie-l29c636b370

Trust: 1.8

vendor:huaweimodel:p9 <=eva-l09c432b383scope: - version: -

Trust: 0.6

vendor:huaweimodel:p9 <=eva-l09c636b380scope: - version: -

Trust: 0.6

vendor:huaweimodel:p9 <=vie-l09c432b370scope: - version: -

Trust: 0.6

vendor:huaweimodel:p9 <=vie-l29c636b370scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-05863 // JVNDB: JVNDB-2017-010807 // NVD: CVE-2017-2713

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2713
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-2713
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-05863
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201711-1011
value: MEDIUM

Trust: 0.6

VULHUB: VHN-110916
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-2713
severity: MEDIUM
baseScore: 4.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-05863
severity: MEDIUM
baseScore: 4.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-110916
severity: MEDIUM
baseScore: 4.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2713
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-05863 // VULHUB: VHN-110916 // JVNDB: JVNDB-2017-010807 // CNNVD: CNNVD-201711-1011 // NVD: CVE-2017-2713

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-110916 // JVNDB: JVNDB-2017-010807 // NVD: CVE-2017-2713

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201711-1011

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201711-1011

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010807

PATCH
title:huawei-sa-20170419-01-smartphoneurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-01-smartphone-en
Trust: 0.8
title:HuaweiP9 enters the patch for the verification vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/93142
Trust: 0.6
title:Huawei P9 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76721
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-05863 // 
            
            
            
            JVNDB: JVNDB-2017-010807 // 
            
            
            
            CNNVD: CNNVD-201711-1011

EXTERNAL IDS
db:NVDid:CVE-2017-2713
Trust: 3.1
db:JVNDBid:JVNDB-2017-010807
Trust: 0.8
db:CNNVDid:CNNVD-201711-1011
Trust: 0.7
db:CNVDid:CNVD-2017-05863
Trust: 0.6
db:VULHUBid:VHN-110916
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-05863 // 
            
            
            
            VULHUB: VHN-110916 // 
            
            
            
            JVNDB: JVNDB-2017-010807 // 
            
            
            
            CNNVD: CNNVD-201711-1011 // 
            
            
            
            NVD: CVE-2017-2713

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-01-smartphone-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2713
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2713
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170420-01-fusionsphere-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-05863 // 
            
            
            
            VULHUB: VHN-110916 // 
            
            
            
            JVNDB: JVNDB-2017-010807 // 
            
            
            
            CNNVD: CNNVD-201711-1011 // 
            
            
            
            NVD: CVE-2017-2713

SOURCES
db:CNVDid:CNVD-2017-05863
db:VULHUBid:VHN-110916
db:JVNDBid:JVNDB-2017-010807
db:CNNVDid:CNNVD-201711-1011
db:NVDid:CVE-2017-2713

LAST UPDATE DATE
2024-11-23T22:59:09.830000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-05863date:2017-05-04T00:00:00
db:VULHUBid:VHN-110916date:2017-12-12T00:00:00
db:JVNDBid:JVNDB-2017-010807date:2017-12-25T00:00:00
db:CNNVDid:CNNVD-201711-1011date:2017-11-23T00:00:00
db:NVDid:CVE-2017-2713date:2024-11-21T03:24:02.110

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-05863date:2017-05-04T00:00:00
db:VULHUBid:VHN-110916date:2017-11-22T00:00:00
db:JVNDBid:JVNDB-2017-010807date:2017-12-25T00:00:00
db:CNNVDid:CNNVD-201711-1011date:2017-11-23T00:00:00
db:NVDid:CVE-2017-2713date:2017-11-22T19:29:01.053