Details of VAR-201802-0544

ID

VAR-201802-0544

CVE

CVE-2017-15345

TITLE

Huawei Vulnerability related to resource depletion in smartphone software

Trust: 0.8

sources: JVNDB: JVNDB-2017-012323

DESCRIPTION

Huawei Smartphones with software LON-L29DC721B186 have a denial of service vulnerability. An attacker could make an loop exit condition that cannot be reached by sending the crafted 3GPP message. Successful exploit could cause the device to reboot. Huawei Smartphone software is vulnerable to resource exhaustion.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiLON-L29D is a smartphone from Huawei. Huawei LON-L29D is a smart phone product of China Huawei (Huawei)

Trust: 2.25

sources: NVD: CVE-2017-15345 // JVNDB: JVNDB-2017-012323 // CNVD: CNVD-2017-34413 // VULHUB: VHN-106158

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-34413

AFFECTED PRODUCTS

vendor:	huawei	model:	lon-l29d	scope:	eq	version:	lon-l29dc721b186	Trust: 2.4
vendor:	huawei	model:	lon-l29d lon-l29dc721b186	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2017-34413 // JVNDB: JVNDB-2017-012323 // CNNVD: CNNVD-201802-461 // NVD: CVE-2017-15345

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-15345
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-15345
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-34413
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201802-461
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-106158
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-15345
severity:	MEDIUM
baseScore:	5.7
vectorString:	AV:A/AC:M/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	5.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-34413
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:A/AC:H/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.2
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-106158
severity:	MEDIUM
baseScore:	5.7
vectorString:	AV:A/AC:M/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	5.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-15345
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-34413 // VULHUB: VHN-106158 // JVNDB: JVNDB-2017-012323 // CNNVD: CNNVD-201802-461 // NVD: CVE-2017-15345

PROBLEMTYPE DATA

problemtype:

CWE-400

Trust: 1.9

sources: VULHUB: VHN-106158 // JVNDB: JVNDB-2017-012323 // NVD: CVE-2017-15345

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201802-461

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201802-461

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012323

PATCH

title:	huawei-sa-20171108-01-smartphone	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-01-smartphone-en	Trust: 0.8
title:	HuaweiLON-L29D denial of service vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/106289	Trust: 0.6
title:	Huawei LON-L29D Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78540	Trust: 0.6

sources: CNVD: CNVD-2017-34413 // JVNDB: JVNDB-2017-012323 // CNNVD: CNNVD-201802-461

EXTERNAL IDS

db:	NVD	id:	CVE-2017-15345	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-012323	Trust: 0.8
db:	CNNVD	id:	CNNVD-201802-461	Trust: 0.7
db:	CNVD	id:	CNVD-2017-34413	Trust: 0.6
db:	VULHUB	id:	VHN-106158	Trust: 0.1

sources: CNVD: CNVD-2017-34413 // VULHUB: VHN-106158 // JVNDB: JVNDB-2017-012323 // CNNVD: CNNVD-201802-461 // NVD: CVE-2017-15345

REFERENCES

url:	http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20171108-01-smartphone-cn	Trust: 1.2
url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-01-smartphone-en	Trust: 1.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15345	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-15345	Trust: 0.8

sources: CNVD: CNVD-2017-34413 // VULHUB: VHN-106158 // JVNDB: JVNDB-2017-012323 // CNNVD: CNNVD-201802-461 // NVD: CVE-2017-15345

SOURCES

db:	CNVD	id:	CNVD-2017-34413
db:	VULHUB	id:	VHN-106158
db:	JVNDB	id:	JVNDB-2017-012323
db:	CNNVD	id:	CNNVD-201802-461
db:	NVD	id:	CVE-2017-15345

LAST UPDATE DATE

2024-11-23T22:45:26.753000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-34413	date:	2017-11-17T00:00:00
db:	VULHUB	id:	VHN-106158	date:	2018-02-22T00:00:00
db:	JVNDB	id:	JVNDB-2017-012323	date:	2018-03-07T00:00:00
db:	CNNVD	id:	CNNVD-201802-461	date:	2020-10-23T00:00:00
db:	NVD	id:	CVE-2017-15345	date:	2024-11-21T03:14:30.650

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-34413	date:	2017-11-17T00:00:00
db:	VULHUB	id:	VHN-106158	date:	2018-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2017-012323	date:	2018-03-07T00:00:00
db:	CNNVD	id:	CNNVD-201802-461	date:	2018-02-23T00:00:00
db:	NVD	id:	CVE-2017-15345	date:	2018-02-15T16:29:01