ID

VAR-201711-1018


CVE

CVE-2017-8203


TITLE

Use-after-free vulnerability in Huawei Nova 2 Plus and Nova 2 smartphone software

Trust: 0.8

sources: JVNDB: JVNDB-2017-010740

DESCRIPTION

The Bastet driver of Huawei Nova 2 Plus and Nova 2 smartphones with software versions earlier than BAC-AL00C00B173 (Nova 2 Plus) and earlier than PIC-AL00C00B173 (Nova 2) has a use-after-free (UAF) vulnerability. An attacker can convince a user to install a malicious application that has a high privilege to exploit this vulnerability. Successful exploitation may cause arbitrary code execution. Huawei Nova 2 Plus and Nova 2 smartphone software contains a vulnerability related to the use of freed memory. Information may be obtained or altered, and service operation may be disrupted (DoS). Both Nova 2 and Nova 2 Plus are smartphone devices from China's Huawei company. The use-after-free (UAF) security vulnerability exists in the Bastet driver of Huawei Nova 2 and Nova 2 Plus. Huawei smartphones are prone to a remote code-execution vulnerability. Failed exploit attempts will likely cause a denial-of-service condition.

Trust: 2.43

sources: NVD: CVE-2017-8203 // JVNDB: JVNDB-2017-010740 // CNVD: CNVD-2017-34798 // BID: 101960

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-34798

AFFECTED PRODUCTS

vendor: huawei, model: nova 2 plus, scope: lt, version: bac-al00c00b173

Trust: 1.8

vendor: huawei, model: nova 2, scope: lt, version: pic-al00c00b173

Trust: 1.8

vendor: huawei, model: nova <=pic-al00c00b173, scope: eq, version: 2

Trust: 0.6

vendor: huawei, model: nova plus <=bac-al00c00b173, scope: eq, version: 2

Trust: 0.6

vendor: huawei, model: nova plus, scope: eq, version: 20

Trust: 0.3

vendor: huawei, model: nova, scope: eq, version: 20

Trust: 0.3

vendor: huawei, model: nova plus bac-al00c00b173, scope: ne, version: 2

Trust: 0.3

vendor: huawei, model: nova pic-al00c00b173, scope: ne, version: 2

Trust: 0.3

sources: CNVD: CNVD-2017-34798 // BID: 101960 // JVNDB: JVNDB-2017-010740 // NVD: CVE-2017-8203

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-8203
value: HIGH

Trust: 1.0

NVD: CVE-2017-8203
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-34798
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201711-935
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2017-8203
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-34798
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-8203
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-34798 // JVNDB: JVNDB-2017-010740 // CNNVD: CNNVD-201711-935 // NVD: CVE-2017-8203

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.8

sources: JVNDB: JVNDB-2017-010740 // NVD: CVE-2017-8203

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-935

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201711-935

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010740

PATCH

title: huawei-sa-20170927-01-smartphone, url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170927-01-smartphone-en

Trust: 0.8

title: Huawei Nova 2 Bastet driver privilege escalation vulnerability patch, url: https://www.cnvd.org.cn/patchInfo/show/106544

Trust: 0.6

title: Huawei Nova 2 and Nova 2 Plus Bastet Driver security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76645

Trust: 0.6

sources: CNVD: CNVD-2017-34798 // JVNDB: JVNDB-2017-010740 // CNNVD: CNNVD-201711-935

EXTERNAL IDS

db: NVD, id: CVE-2017-8203

Trust: 3.3

db: BID, id: 101960

Trust: 1.3

db: JVNDB, id: JVNDB-2017-010740

Trust: 0.8

db: CNVD, id: CNVD-2017-34798

Trust: 0.6

db: CNNVD, id: CNNVD-201711-935

Trust: 0.6

sources: CNVD: CNVD-2017-34798 // BID: 101960 // JVNDB: JVNDB-2017-010740 // CNNVD: CNNVD-201711-935 // NVD: CVE-2017-8203

REFERENCES

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170927-01-smartphone-en

Trust: 1.9

url:http://www.securityfocus.com/bid/101960

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8203

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-8203

Trust: 0.8

url:http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170927-01-smartphone-cn

Trust: 0.6

url:http://www.huawei.com/en/

Trust: 0.3

sources: CNVD: CNVD-2017-34798 // BID: 101960 // JVNDB: JVNDB-2017-010740 // CNNVD: CNNVD-201711-935 // NVD: CVE-2017-8203

CREDITS

Yonggang Guo

Trust: 0.3

sources: BID: 101960

SOURCES

db: CNVD, id: CNVD-2017-34798
db: BID, id: 101960
db: JVNDB, id: JVNDB-2017-010740
db: CNNVD, id: CNNVD-201711-935
db: NVD, id: CVE-2017-8203

LAST UPDATE DATE

2024-11-23T23:05:16.633000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-34798, date: 2017-11-21T00:00:00
db: BID, id: 101960, date: 2017-12-19T22:37:00
db: JVNDB, id: JVNDB-2017-010740, date: 2017-12-21T00:00:00
db: CNNVD, id: CNNVD-201711-935, date: 2017-11-23T00:00:00
db: NVD, id: CVE-2017-8203, date: 2024-11-21T03:33:31.720

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-34798, date: 2017-11-21T00:00:00
db: BID, id: 101960, date: 2017-09-27T00:00:00
db: JVNDB, id: JVNDB-2017-010740, date: 2017-12-21T00:00:00
db: CNNVD, id: CNNVD-201711-935, date: 2017-11-23T00:00:00
db: NVD, id: CVE-2017-8203, date: 2017-11-22T19:29:05.117