Details of VAR-201711-0982

ID

VAR-201711-0982

CVE

CVE-2017-8144

TITLE

plural Huawei Vulnerability related to resource management in smartphone software

Trust: 0.8

sources: JVNDB: JVNDB-2017-010809

DESCRIPTION

Honor 5A,Honor 8 Lite,Mate9,Mate9 Pro,P10,P10 Plus Huawei smartphones with software the versions before CAM-L03C605B143CUSTC605D003,the versions before Prague-L03C605B161,the versions before Prague-L23C605B160,the versions before MHA-AL00C00B225,the versions before LON-AL00C00B225,the versions before VTR-AL00C00B167,the versions before VTR-TL00C01B167,the versions before VKY-AL00C00B167,the versions before VKY-TL00C01B167 have a resource exhaustion vulnerability due to configure setting. An attacker tricks a user into installing a malicious application, the application may turn on the device flash-light and rapidly drain the device battery. plural Huawei Smartphone software contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiP9 and other are all Huawei smartphones from China. There are resource consumption vulnerabilities in various Huawei phones. Huawei Honor Play 5A, etc. are all smartphone products of the Chinese company Huawei. The following products and versions are affected: Huawei Honor Play 5A CAM-L03C605B143CUSTC605D003 and earlier versions; Honor 8 Youth Edition Prague-L03C605B161 and earlier Prague-L23C605B160 versions; Mate9 MHA-AL00C00B225 and earlier versions; Mate9 Pro LON-AL00C00B225 Versions before; P10 VTR-AL00C00B167 and VTR-TL00C01B167; P10 Plus VKY-AL00C00B167 and VKY-TL00C01B167

Trust: 2.25

sources: NVD: CVE-2017-8144 // JVNDB: JVNDB-2017-010809 // CNVD: CNVD-2017-19186 // VULHUB: VHN-116347

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-19186

AFFECTED PRODUCTS

vendor:	huawei	model:	honor 5a	scope:	lt	version:	cam-l03c605b143custc605d003	Trust: 1.8
vendor:	huawei	model:	honor 8 lite	scope:	lt	version:	prague-l03c605b161	Trust: 1.8
vendor:	huawei	model:	honor 8 lite	scope:	lt	version:	prague-l23c605b160	Trust: 1.8
vendor:	huawei	model:	mate 9 pro	scope:	lt	version:	lon-al00c00b225	Trust: 1.8
vendor:	huawei	model:	mate 9	scope:	lt	version:	mha-al00c00b225	Trust: 1.8
vendor:	huawei	model:	p10 plus	scope:	lt	version:	vky-al00c00b167	Trust: 1.8
vendor:	huawei	model:	p10 plus	scope:	lt	version:	vky-tl00c01b167	Trust: 1.8
vendor:	huawei	model:	p10	scope:	lt	version:	vtr-al00c00b167	Trust: 1.8
vendor:	huawei	model:	p10	scope:	lt	version:	vtr-tl00c01b167	Trust: 1.8
vendor:	huawei	model:	p10 plus vky-al00c00b167	scope:	lt	version:	-	Trust: 0.6
vendor:	huawei	model:	p10 plus vky-tl00c01b167	scope:	lt	version:	-	Trust: 0.6
vendor:	huawei	model:	p10 vtr-al00c00b167	scope:	lt	version:	-	Trust: 0.6
vendor:	huawei	model:	p10 vtr-tl00c01b167	scope:	lt	version:	-	Trust: 0.6
vendor:	huawei	model:	mate <mha-al00c00b225	scope:	eq	version:	9	Trust: 0.6
vendor:	huawei	model:	mate pro lon-al00c00b225	scope:	eq	version:	9<	Trust: 0.6
vendor:	huawei	model:	honor 5a cam-l03c605b143custc605d003	scope:	lt	version:	-	Trust: 0.6
vendor:	huawei	model:	honor youth edition prague-l03c605b161	scope:	eq	version:	8<	Trust: 0.6
vendor:	huawei	model:	honor youth edition prague-l23c605b160	scope:	eq	version:	8<	Trust: 0.6

sources: CNVD: CNVD-2017-19186 // JVNDB: JVNDB-2017-010809 // NVD: CVE-2017-8144

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-8144
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-8144
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-19186
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201708-140
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-116347
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-8144
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-19186
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-116347
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-8144
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-19186 // VULHUB: VHN-116347 // JVNDB: JVNDB-2017-010809 // CNNVD: CNNVD-201708-140 // NVD: CVE-2017-8144

PROBLEMTYPE DATA

problemtype:	CWE-920	Trust: 1.0
problemtype:	CWE-399	Trust: 0.9

sources: VULHUB: VHN-116347 // JVNDB: JVNDB-2017-010809 // NVD: CVE-2017-8144

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201708-140

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201708-140

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010809

PATCH

title:	huawei-sa-20170725-01-smartphone	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170725-01-smartphone-en	Trust: 0.8
title:	Patches for resource consumption vulnerabilities in various Huawei phones	url:	https://www.cnvd.org.cn/patchInfo/show/99591	Trust: 0.6
title:	Multiple Huawei Mobile phone security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=72382	Trust: 0.6

sources: CNVD: CNVD-2017-19186 // JVNDB: JVNDB-2017-010809 // CNNVD: CNNVD-201708-140

EXTERNAL IDS

db:	NVD	id:	CVE-2017-8144	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-010809	Trust: 0.8
db:	CNNVD	id:	CNNVD-201708-140	Trust: 0.7
db:	CNVD	id:	CNVD-2017-19186	Trust: 0.6
db:	VULHUB	id:	VHN-116347	Trust: 0.1

sources: CNVD: CNVD-2017-19186 // VULHUB: VHN-116347 // JVNDB: JVNDB-2017-010809 // CNNVD: CNNVD-201708-140 // NVD: CVE-2017-8144

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170725-01-smartphone-en	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8144	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8144	Trust: 0.8
url:	http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170725-01-smartphone-cn	Trust: 0.6

sources: CNVD: CNVD-2017-19186 // VULHUB: VHN-116347 // JVNDB: JVNDB-2017-010809 // CNNVD: CNNVD-201708-140 // NVD: CVE-2017-8144

CREDITS

Erez Yalon of Checkmarx

Trust: 0.6

sources: CNNVD: CNNVD-201708-140

SOURCES

db:	CNVD	id:	CNVD-2017-19186
db:	VULHUB	id:	VHN-116347
db:	JVNDB	id:	JVNDB-2017-010809
db:	CNNVD	id:	CNNVD-201708-140
db:	NVD	id:	CVE-2017-8144

LAST UPDATE DATE

2024-11-23T23:12:17.805000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-19186	date:	2017-08-07T00:00:00
db:	VULHUB	id:	VHN-116347	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-010809	date:	2017-12-25T00:00:00
db:	CNNVD	id:	CNNVD-201708-140	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-8144	date:	2024-11-21T03:33:24.477

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-19186	date:	2017-08-07T00:00:00
db:	VULHUB	id:	VHN-116347	date:	2017-11-22T00:00:00
db:	JVNDB	id:	JVNDB-2017-010809	date:	2017-12-25T00:00:00
db:	CNNVD	id:	CNNVD-201708-140	date:	2017-07-25T00:00:00
db:	NVD	id:	CVE-2017-8144	date:	2017-11-22T19:29:03.117