Details of VAR-201711-0983

ID

VAR-201711-0983

CVE

CVE-2017-8145

TITLE

Huawei P10 and P10 Plus Vulnerability related to input validation in smartphone software

Trust: 0.8

sources: JVNDB: JVNDB-2017-010728

DESCRIPTION

The call module of P10 and P10 Plus smartphones with software versions before VTR-AL00C00B167, versions before VTR-TL00C01B167, versions before VKY-AL00C00B167, versions before VKY-TL00C01B167 has a DoS vulnerability. An attacker may trick a user into installing a malicious application, and the application can send given parameter to call module to crash the call and data communication process. HuaweiP10 and P10Plus are both Huawei's smartphone products. Callmodule is one of the call modules. A denial of service vulnerability exists in the talk module in HuaweiP10 and P10Plus

Trust: 2.16

sources: NVD: CVE-2017-8145 // JVNDB: JVNDB-2017-010728 // CNVD: CNVD-2017-19187

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-19187

AFFECTED PRODUCTS

vendor:	huawei	model:	p10 plus	scope:	lt	version:	vky-al00c00b167	Trust: 1.8
vendor:	huawei	model:	p10 plus	scope:	lt	version:	vky-tl00c01b167	Trust: 1.8
vendor:	huawei	model:	p10	scope:	lt	version:	vtr-al00c00b167	Trust: 1.8
vendor:	huawei	model:	p10	scope:	lt	version:	vtr-tl00c01b167	Trust: 1.8
vendor:	huawei	model:	p10 plus vky-al00c00b167	scope:	lt	version:	-	Trust: 0.6
vendor:	huawei	model:	p10 plus vky-tl00c01b167	scope:	lt	version:	-	Trust: 0.6
vendor:	huawei	model:	p10 vtr-al00c00b167	scope:	lt	version:	-	Trust: 0.6
vendor:	huawei	model:	p10 vtr-tl00c01b167	scope:	lt	version:	-	Trust: 0.6

sources: CNVD: CNVD-2017-19187 // JVNDB: JVNDB-2017-010728 // NVD: CVE-2017-8145

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-8145
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-8145
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-19187
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201708-139
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2017-8145
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-19187
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-8145
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-19187 // JVNDB: JVNDB-2017-010728 // CNNVD: CNNVD-201708-139 // NVD: CVE-2017-8145

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2017-010728 // NVD: CVE-2017-8145

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-139

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201708-139

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010728

PATCH

title:	huawei-sa-20170725-02-smartphone	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170725-02-smartphone-en	Trust: 0.8
title:	Huawei mobile phone call module denial of service vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/99589	Trust: 0.6
title:	Huawei P10 and P10 Plus Repair measures for call module security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=72381	Trust: 0.6

sources: CNVD: CNVD-2017-19187 // JVNDB: JVNDB-2017-010728 // CNNVD: CNNVD-201708-139

EXTERNAL IDS

db:	NVD	id:	CVE-2017-8145	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-010728	Trust: 0.8
db:	CNVD	id:	CNVD-2017-19187	Trust: 0.6
db:	CNNVD	id:	CNNVD-201708-139	Trust: 0.6

sources: CNVD: CNVD-2017-19187 // JVNDB: JVNDB-2017-010728 // CNNVD: CNNVD-201708-139 // NVD: CVE-2017-8145

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170725-02-smartphone-en	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8145	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8145	Trust: 0.8
url:	http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170725-02-smartphone-cn	Trust: 0.6

sources: CNVD: CNVD-2017-19187 // JVNDB: JVNDB-2017-010728 // CNNVD: CNNVD-201708-139 // NVD: CVE-2017-8145

CREDITS

Erez Yalon of Checkmarx

Trust: 0.6

sources: CNNVD: CNNVD-201708-139

SOURCES

db:	CNVD	id:	CNVD-2017-19187
db:	JVNDB	id:	JVNDB-2017-010728
db:	CNNVD	id:	CNNVD-201708-139
db:	NVD	id:	CVE-2017-8145

LAST UPDATE DATE

2024-11-23T22:00:48.822000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-19187	date:	2017-08-07T00:00:00
db:	JVNDB	id:	JVNDB-2017-010728	date:	2017-12-21T00:00:00
db:	CNNVD	id:	CNNVD-201708-139	date:	2017-08-04T00:00:00
db:	NVD	id:	CVE-2017-8145	date:	2024-11-21T03:33:24.607

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-19187	date:	2017-08-07T00:00:00
db:	JVNDB	id:	JVNDB-2017-010728	date:	2017-12-21T00:00:00
db:	CNNVD	id:	CNNVD-201708-139	date:	2017-07-25T00:00:00
db:	NVD	id:	CVE-2017-8145	date:	2017-11-22T19:29:03.163