Details of VAR-201711-0984

ID

VAR-201711-0984

CVE

CVE-2017-8146

TITLE

Huawei P10 and P10 Plus Input Confirmation Vulnerability in Smartphone Software

Trust: 0.8

sources: JVNDB: JVNDB-2017-010729

DESCRIPTION

The call module of P10 and P10 Plus smartphones with software versions before VTR-AL00C00B167, versions before VTR-TL00C01B167, versions before VKY-AL00C00B167, versions before VKY-TL00C01B167 has a DoS vulnerability. An attacker may trick a user into installing a malicious application, and the application can send given parameter to call module to crash the call and data communication process. HuaweiP10 and P10Plus are both Huawei's smartphone products. Callmodule is one of the call modules. A denial of service vulnerability exists in the talk module in HuaweiP10 and P10Plus

Trust: 2.16

sources: NVD: CVE-2017-8146 // JVNDB: JVNDB-2017-010729 // CNVD: CNVD-2017-19188

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-19188

AFFECTED PRODUCTS

vendor:	huawei	model:	p10 plus	scope:	lt	version:	vky-al00c00b167	Trust: 1.8
vendor:	huawei	model:	p10 plus	scope:	lt	version:	vky-tl00c01b167	Trust: 1.8
vendor:	huawei	model:	p10	scope:	lt	version:	vtr-al00c00b167	Trust: 1.8
vendor:	huawei	model:	p10	scope:	lt	version:	vtr-tl00c01b167	Trust: 1.8
vendor:	huawei	model:	p10 plus vky-al00c00b167	scope:	lt	version:	-	Trust: 0.6
vendor:	huawei	model:	p10 plus vky-tl00c01b167	scope:	lt	version:	-	Trust: 0.6
vendor:	huawei	model:	p10 vtr-al00c00b167	scope:	lt	version:	-	Trust: 0.6
vendor:	huawei	model:	p10 vtr-tl00c01b167	scope:	lt	version:	-	Trust: 0.6

sources: CNVD: CNVD-2017-19188 // JVNDB: JVNDB-2017-010729 // NVD: CVE-2017-8146

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-8146
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-8146
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-19188
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201708-138
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2017-8146
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-19188
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-8146
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-19188 // JVNDB: JVNDB-2017-010729 // CNNVD: CNNVD-201708-138 // NVD: CVE-2017-8146

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2017-010729 // NVD: CVE-2017-8146

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-138

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201708-138

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010729

PATCH

title:	huawei-sa-20170725-02-smartphone	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170725-02-smartphone-en	Trust: 0.8
title:	Huawei Mobile Call Module Denial of Service Vulnerability (CNVD-2017-19188) patch	url:	https://www.cnvd.org.cn/patchInfo/show/99590	Trust: 0.6
title:	Huawei P10 and P10 Plus Repair measures for call module security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=72380	Trust: 0.6

sources: CNVD: CNVD-2017-19188 // JVNDB: JVNDB-2017-010729 // CNNVD: CNNVD-201708-138

EXTERNAL IDS

db:	NVD	id:	CVE-2017-8146	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-010729	Trust: 0.8
db:	CNVD	id:	CNVD-2017-19188	Trust: 0.6
db:	CNNVD	id:	CNNVD-201708-138	Trust: 0.6

sources: CNVD: CNVD-2017-19188 // JVNDB: JVNDB-2017-010729 // CNNVD: CNNVD-201708-138 // NVD: CVE-2017-8146

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170725-02-smartphone-en	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8146	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8146	Trust: 0.8
url:	http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170725-02-smartphone-cn	Trust: 0.6

sources: CNVD: CNVD-2017-19188 // JVNDB: JVNDB-2017-010729 // CNNVD: CNNVD-201708-138 // NVD: CVE-2017-8146

CREDITS

Erez Yalon of Checkmarx

Trust: 0.6

sources: CNNVD: CNNVD-201708-138

SOURCES

db:	CNVD	id:	CNVD-2017-19188
db:	JVNDB	id:	JVNDB-2017-010729
db:	CNNVD	id:	CNNVD-201708-138
db:	NVD	id:	CVE-2017-8146

LAST UPDATE DATE

2024-11-23T22:56:03.088000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-19188	date:	2017-08-07T00:00:00
db:	JVNDB	id:	JVNDB-2017-010729	date:	2017-12-21T00:00:00
db:	CNNVD	id:	CNNVD-201708-138	date:	2017-08-04T00:00:00
db:	NVD	id:	CVE-2017-8146	date:	2024-11-21T03:33:24.730

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-19188	date:	2017-08-07T00:00:00
db:	JVNDB	id:	JVNDB-2017-010729	date:	2017-12-21T00:00:00
db:	CNNVD	id:	CNNVD-201708-138	date:	2017-07-25T00:00:00
db:	NVD	id:	CVE-2017-8146	date:	2017-11-22T19:29:03.193