ID

VAR-201712-0798


CVE

CVE-2017-15311


TITLE

Buffer error vulnerability in multiple Huawei smartphone software

Trust: 0.8

sources: JVNDB: JVNDB-2017-011709

DESCRIPTION

The baseband modules of Huawei Mate 10, Mate 10 Pro, Mate 9, and Mate 9 Pro smartphones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to a lack of parameter validation. An attacker within radio range could use a special wireless device to send malicious packets to the smartphones, which leads to a stack overflow when the baseband module handles these packets. The attacker could exploit this vulnerability to perform a denial of service attack or remote code execution in the baseband module. Multiple Huawei smartphone software contains a buffer error vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Huawei Mate 10 and Mate 10 Pro are both Huawei smartphone products. The baseband module is one of the modules in these products. A stack overflow vulnerability exists in the baseband module in versions prior to Huawei Mate 10 ALP-AL00 8.0.0.120 (SP2C00) and in versions prior to Mate 10 Pro BLA-AL00 8.0.0.120 (SP2C00) because the program did not adequately check the parameters.

Trust: 2.16

sources: NVD: CVE-2017-15311 // JVNDB: JVNDB-2017-011709 // CNVD: CNVD-2017-38110

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-38110

AFFECTED PRODUCTS

vendor: huawei, model: mate 10, scope: lt, version: alp-al00_8.0.0.120\(sp2c00\)

Trust: 1.0

vendor: huawei, model: mate 10 pro, scope: lt, version: bla-al00_8.0.0.120\(sp2c00\)

Trust: 1.0

vendor: huawei, model: mate 9 pro, scope: lt, version: lon-al00b_8.0.0.334\(c00\)

Trust: 1.0

vendor: huawei, model: mate 9, scope: lt, version: mha-al00b_8.0.0.334\(c00\)

Trust: 1.0

vendor: huawei, model: mate 10 pro, scope: lt, version: bla-al00 8.0.0.120(sp2c00)

Trust: 0.8

vendor: huawei, model: mate 10, scope: lt, version: alp-al00 8.0.0.120(sp2c00)

Trust: 0.8

vendor: huawei, model: mate 9 pro, scope: lt, version: lon-al00b 8.0.0.334(c00)

Trust: 0.8

vendor: huawei, model: mate 9, scope: lt, version: mha-al00b 8.0.0.334(c00)

Trust: 0.8

vendor: huawei, model: mate <alp-al00 8.0.0.120, scope: eq, version: 10

Trust: 0.6

vendor: huawei, model: mate pro <bla-al00 8.0.0.120, scope: eq, version: 10

Trust: 0.6

vendor: huawei, model: mate <mha-al00b 8.0.0.334, scope: eq, version: 9

Trust: 0.6

vendor: huawei, model: mate pro <lon-al00b 8.0.0.334, scope: eq, version: 9

Trust: 0.6

sources: CNVD: CNVD-2017-38110 // JVNDB: JVNDB-2017-011709 // NVD: CVE-2017-15311

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-15311
value: HIGH

Trust: 1.0

NVD: CVE-2017-15311
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-38110
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201710-465
value: MEDIUM

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2017-15311
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-38110
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:N/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2017-15311
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-38110 // JVNDB: JVNDB-2017-011709 // CNNVD: CNNVD-201710-465 // NVD: CVE-2017-15311

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2017-011709 // NVD: CVE-2017-15311

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201710-465

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201710-465

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011709

PATCH

title: huawei-sa-20171125-01-baseband, url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171125-01-baseband-en

Trust: 0.8

title: Patch for Huawei Mate 10 and Mate 10 Pro stack overflow vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/111735

Trust: 0.6

sources: CNVD: CNVD-2017-38110 // JVNDB: JVNDB-2017-011709

EXTERNAL IDS

db: NVD, id: CVE-2017-15311

Trust: 3.0

db: JVNDB, id: JVNDB-2017-011709

Trust: 0.8

db: CNVD, id: CNVD-2017-38110

Trust: 0.6

db: CNNVD, id: CNNVD-201710-465

Trust: 0.6

sources: CNVD: CNVD-2017-38110 // JVNDB: JVNDB-2017-011709 // CNNVD: CNNVD-201710-465 // NVD: CVE-2017-15311

REFERENCES

url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171125-01-baseband-en

Trust: 1.6

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15311

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-15311

Trust: 0.8

url: http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171125-01-baseband-cn

Trust: 0.6

sources: CNVD: CNVD-2017-38110 // JVNDB: JVNDB-2017-011709 // CNNVD: CNNVD-201710-465 // NVD: CVE-2017-15311

CREDITS

Tencent Keen Security Lab

Trust: 0.6

sources: CNNVD: CNNVD-201710-465

SOURCES

db: CNVD, id: CNVD-2017-38110
db: JVNDB, id: JVNDB-2017-011709
db: CNNVD, id: CNNVD-201710-465
db: NVD, id: CVE-2017-15311

LAST UPDATE DATE

2024-11-23T22:48:52.447000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-38110, date: 2017-12-26T00:00:00
db: JVNDB, id: JVNDB-2017-011709, date: 2018-01-24T00:00:00
db: CNNVD, id: CNNVD-201710-465, date: 2017-12-26T00:00:00
db: NVD, id: CVE-2017-15311, date: 2024-11-21T03:14:26.417

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-38110, date: 2017-12-26T00:00:00
db: JVNDB, id: JVNDB-2017-011709, date: 2018-01-24T00:00:00
db: CNNVD, id: CNNVD-201710-465, date: 2017-11-25T00:00:00
db: NVD, id: CVE-2017-15311, date: 2017-12-22T17:29:13.063