Sign-up

ID

VAR-201711-0240


CVE

CVE-2017-2724


TITLE

Huawei P10 Plus and P10 Buffer error vulnerability in smartphone software

Trust: 0.8

sources: JVNDB: JVNDB-2017-010608

DESCRIPTION

Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution. Huawei P10 Plus and P10 Smartphone software contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiVicky-AL00A/Victoria-AL00A is Huawei's smartphone. There are multiple local buffer overflow vulnerabilities in Huawei smartphones because it does not perform proper boundary checking on user-supplied input. Local vulnerabilities can exploit these vulnerabilities to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions

Trust: 2.52

sources: NVD: CVE-2017-2724 // JVNDB: JVNDB-2017-010608 // CNVD: CNVD-2017-04677 // BID: 97696 // VULMON: CVE-2017-2724

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-04677

AFFECTED PRODUCTS

vendor:huaweimodel:p10 plusscope:ltversion:vky-al00c00b123

Trust: 1.8

vendor:huaweimodel:p10scope:ltversion:vtr-al00c00b123

Trust: 1.8

vendor:huaweimodel:vicky-al00a <vicky-al00ac00b123scope: - version: -

Trust: 0.6

vendor:huaweimodel:victoria-al00a <victoria-al00ac00b123scope: - version: -

Trust: 0.6

vendor:huaweimodel:victoria-al00ascope:eqversion:0

Trust: 0.3

vendor:huaweimodel:vicky-al00ascope:eqversion:0

Trust: 0.3

vendor:huaweimodel:victoria-al00ac00b123scope:neversion:0

Trust: 0.3

vendor:huaweimodel:vicky-al00ac00b123scope:neversion:0

Trust: 0.3

sources: CNVD: CNVD-2017-04677 // BID: 97696 // JVNDB: JVNDB-2017-010608 // NVD: CVE-2017-2724

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2724
value: HIGH

Trust: 1.0

NVD: CVE-2017-2724
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-04677
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201704-962
value: CRITICAL

Trust: 0.6

VULMON: CVE-2017-2724
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-2724
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-04677
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-2724
baseSeverity: HIGH
baseScore: 8.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.5
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-04677 // VULMON: CVE-2017-2724 // JVNDB: JVNDB-2017-010608 // CNNVD: CNNVD-201704-962 // NVD: CVE-2017-2724

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2017-010608 // NVD: CVE-2017-2724

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-962

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201704-962

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010608

PATCH
title:huawei-sa-20170405-01-smartphoneurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en
Trust: 0.8
title:There are multiple buffer overflow vulnerabilities in Huawei's mobile Bastet component.url:https://www.cnvd.org.cn/patchInfo/show/92017
Trust: 0.6
title:Huawei Vicky-AL00A  and Victoria-AL00A Bastet Fix for component buffer error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75149
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-04677 // 
            
            
            
            JVNDB: JVNDB-2017-010608 // 
            
            
            
            CNNVD: CNNVD-201704-962

EXTERNAL IDS
db:NVDid:CVE-2017-2724
Trust: 3.4
db:BIDid:97696
Trust: 2.0
db:JVNDBid:JVNDB-2017-010608
Trust: 0.8
db:CNVDid:CNVD-2017-04677
Trust: 0.6
db:CNNVDid:CNNVD-201704-962
Trust: 0.6
db:VULMONid:CVE-2017-2724
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-04677 // 
            
            
            
            VULMON: CVE-2017-2724 // 
            
            
            
            BID: 97696 // 
            
            
            
            JVNDB: JVNDB-2017-010608 // 
            
            
            
            CNNVD: CNNVD-201704-962 // 
            
            
            
            NVD: CVE-2017-2724

REFERENCES
url:http://www.securityfocus.com/bid/97696
Trust: 1.8
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2724
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2724
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170405-01-smartphone-cn
Trust: 0.6
url:http://www.huawei.com
Trust: 0.3
url:http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170405-01-smartphone-en
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-04677 // 
            
            
            
            VULMON: CVE-2017-2724 // 
            
            
            
            BID: 97696 // 
            
            
            
            JVNDB: JVNDB-2017-010608 // 
            
            
            
            CNNVD: CNNVD-201704-962 // 
            
            
            
            NVD: CVE-2017-2724

CREDITS
ADLab of Venustech.
Trust: 0.9
sources:
            
            
            BID: 97696 // 
            
            
            
            CNNVD: CNNVD-201704-962

SOURCES
db:CNVDid:CNVD-2017-04677
db:VULMONid:CVE-2017-2724
db:BIDid:97696
db:JVNDBid:JVNDB-2017-010608
db:CNNVDid:CNNVD-201704-962
db:NVDid:CVE-2017-2724

LAST UPDATE DATE
2024-11-23T22:12:48.151000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-04677date:2017-04-19T00:00:00
db:VULMONid:CVE-2017-2724date:2017-12-08T00:00:00
db:BIDid:97696date:2017-04-18T00:07:00
db:JVNDBid:JVNDB-2017-010608date:2017-12-20T00:00:00
db:CNNVDid:CNNVD-201704-962date:2017-12-26T00:00:00
db:NVDid:CVE-2017-2724date:2024-11-21T03:24:03.457

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-04677date:2017-04-19T00:00:00
db:VULMONid:CVE-2017-2724date:2017-11-22T00:00:00
db:BIDid:97696date:2017-04-05T00:00:00
db:JVNDBid:JVNDB-2017-010608date:2017-12-20T00:00:00
db:CNNVDid:CNNVD-201704-962date:2017-04-05T00:00:00
db:NVDid:CVE-2017-2724date:2017-11-22T19:29:01.507