Sign-up

ID

VAR-201711-0242


CVE

CVE-2017-2726


TITLE

Huawei P10 Plus and P10 Buffer error vulnerability in smartphone software

Trust: 0.8

sources: JVNDB: JVNDB-2017-010610

DESCRIPTION

Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution. Huawei P10 Plus and P10 Smartphone software contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiVicky-AL00A/Victoria-AL00A is Huawei's smartphone. A buffer overflow vulnerability exists in the Bastet of the HuaweiVicky-AL00A/Victoria-AL00A phone due to lack of parameter checking. Huawei Smart Phones are prone to multiple local buffer-overflow vulnerabilities because it fails to adequate boundary checks on user-supplied input. Local attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions

Trust: 2.52

sources: NVD: CVE-2017-2726 // JVNDB: JVNDB-2017-010610 // CNVD: CNVD-2017-04679 // BID: 97696 // VULMON: CVE-2017-2726

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-04679

AFFECTED PRODUCTS

vendor:huaweimodel:p10 plusscope:ltversion:vky-al00c00b123

Trust: 1.8

vendor:huaweimodel:p10scope:ltversion:vtr-al00c00b123

Trust: 1.8

vendor:huaweimodel:vicky-al00a <vicky-al00ac00b123scope: - version: -

Trust: 0.6

vendor:huaweimodel:victoria-al00a <victoria-al00ac00b123scope: - version: -

Trust: 0.6

vendor:huaweimodel:victoria-al00ascope:eqversion:0

Trust: 0.3

vendor:huaweimodel:vicky-al00ascope:eqversion:0

Trust: 0.3

vendor:huaweimodel:victoria-al00ac00b123scope:neversion:0

Trust: 0.3

vendor:huaweimodel:vicky-al00ac00b123scope:neversion:0

Trust: 0.3

sources: CNVD: CNVD-2017-04679 // BID: 97696 // JVNDB: JVNDB-2017-010610 // NVD: CVE-2017-2726

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2726
value: HIGH

Trust: 1.0

NVD: CVE-2017-2726
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-04679
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201704-964
value: CRITICAL

Trust: 0.6

VULMON: CVE-2017-2726
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-2726
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-04679
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-2726
baseSeverity: HIGH
baseScore: 8.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.5
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-04679 // VULMON: CVE-2017-2726 // JVNDB: JVNDB-2017-010610 // CNNVD: CNNVD-201704-964 // NVD: CVE-2017-2726

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2017-010610 // NVD: CVE-2017-2726

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-964

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201704-964

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010610

PATCH
title:huawei-sa-20170405-01-smartphoneurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en
Trust: 0.8
title:There are multiple buffer overflow vulnerabilities (CNVD-2017-04679) patch for Huawei Mobile Bastet component.url:https://www.cnvd.org.cn/patchInfo/show/92019
Trust: 0.6
title:Huawei Vicky-AL00A  and Victoria-AL00A Bastet Fix for component buffer error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75151
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-04679 // 
            
            
            
            JVNDB: JVNDB-2017-010610 // 
            
            
            
            CNNVD: CNNVD-201704-964

EXTERNAL IDS
db:NVDid:CVE-2017-2726
Trust: 3.4
db:BIDid:97696
Trust: 2.0
db:JVNDBid:JVNDB-2017-010610
Trust: 0.8
db:CNVDid:CNVD-2017-04679
Trust: 0.6
db:CNNVDid:CNNVD-201704-964
Trust: 0.6
db:VULMONid:CVE-2017-2726
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-04679 // 
            
            
            
            VULMON: CVE-2017-2726 // 
            
            
            
            BID: 97696 // 
            
            
            
            JVNDB: JVNDB-2017-010610 // 
            
            
            
            CNNVD: CNNVD-201704-964 // 
            
            
            
            NVD: CVE-2017-2726

REFERENCES
url:http://www.securityfocus.com/bid/97696
Trust: 1.8
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2726
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2726
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170405-01-smartphone-cn
Trust: 0.6
url:http://www.huawei.com
Trust: 0.3
url:http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170405-01-smartphone-en
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-04679 // 
            
            
            
            VULMON: CVE-2017-2726 // 
            
            
            
            BID: 97696 // 
            
            
            
            JVNDB: JVNDB-2017-010610 // 
            
            
            
            CNNVD: CNNVD-201704-964 // 
            
            
            
            NVD: CVE-2017-2726

CREDITS
ADLab of Venustech.
Trust: 0.9
sources:
            
            
            BID: 97696 // 
            
            
            
            CNNVD: CNNVD-201704-964

SOURCES
db:CNVDid:CNVD-2017-04679
db:VULMONid:CVE-2017-2726
db:BIDid:97696
db:JVNDBid:JVNDB-2017-010610
db:CNNVDid:CNNVD-201704-964
db:NVDid:CVE-2017-2726

LAST UPDATE DATE
2024-11-23T22:12:48.186000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-04679date:2017-04-19T00:00:00
db:VULMONid:CVE-2017-2726date:2017-12-08T00:00:00
db:BIDid:97696date:2017-04-18T00:07:00
db:JVNDBid:JVNDB-2017-010610date:2017-12-20T00:00:00
db:CNNVDid:CNNVD-201704-964date:2017-12-26T00:00:00
db:NVDid:CVE-2017-2726date:2024-11-21T03:24:03.707

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-04679date:2017-04-19T00:00:00
db:VULMONid:CVE-2017-2726date:2017-11-22T00:00:00
db:BIDid:97696date:2017-04-05T00:00:00
db:JVNDBid:JVNDB-2017-010610date:2017-12-20T00:00:00
db:CNNVDid:CNNVD-201704-964date:2017-04-05T00:00:00
db:NVDid:CVE-2017-2726date:2017-11-22T19:29:01.583