Sign-up

ID

VAR-201803-0197


CVE

CVE-2017-17319


TITLE

Huawei P9 Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2018-05335 // CNNVD: CNNVD-201803-718

DESCRIPTION

Huawei P9 smartphones with the versions before EVA-AL10C00B399SP02 have an information disclosure vulnerability. The software does not properly protect certain resource which can be accessed by multithreading. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in kernel information disclosure. HuaweiP9 is a smartphone from China's Huawei company

Trust: 2.16

sources: NVD: CVE-2017-17319 // JVNDB: JVNDB-2017-012981 // CNVD: CNVD-2018-05335

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-05335

AFFECTED PRODUCTS

vendor:huaweimodel:p9scope:ltversion:eva-al10c00b399sp02

Trust: 1.0

vendor:huaweimodel:mate 9 proscope:ltversion:eva-al10c00b399sp02

Trust: 0.8

vendor:huaweimodel:p9 <eva-al10c00b399sp02scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-05335 // JVNDB: JVNDB-2017-012981 // NVD: CVE-2017-17319

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17319
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-17319
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-05335
value: LOW

Trust: 0.6

CNNVD: CNNVD-201803-718
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2017-17319
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-05335
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-17319
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-05335 // JVNDB: JVNDB-2017-012981 // CNNVD: CNNVD-201803-718 // NVD: CVE-2017-17319

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2017-012981 // NVD: CVE-2017-17319

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-718

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201803-718

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012981

PATCH
title:huawei-sa-20180314-01-smartphoneurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180314-01-smartphone-en
Trust: 0.8
title:HuaweiP9 information disclosure vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/121557
Trust: 0.6
title:Huawei P9 Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79318
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-05335 // 
            
            
            
            JVNDB: JVNDB-2017-012981 // 
            
            
            
            CNNVD: CNNVD-201803-718

EXTERNAL IDS
db:NVDid:CVE-2017-17319
Trust: 3.0
db:JVNDBid:JVNDB-2017-012981
Trust: 0.8
db:CNVDid:CNVD-2018-05335
Trust: 0.6
db:CNNVDid:CNNVD-201803-718
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-05335 // 
            
            
            
            JVNDB: JVNDB-2017-012981 // 
            
            
            
            CNNVD: CNNVD-201803-718 // 
            
            
            
            NVD: CVE-2017-17319

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180314-01-smartphone-en
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17319
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17319
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180314-01-smartphone-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-05335 // 
            
            
            
            JVNDB: JVNDB-2017-012981 // 
            
            
            
            CNNVD: CNNVD-201803-718 // 
            
            
            
            NVD: CVE-2017-17319

SOURCES
db:CNVDid:CNVD-2018-05335
db:JVNDBid:JVNDB-2017-012981
db:CNNVDid:CNNVD-201803-718
db:NVDid:CVE-2017-17319

LAST UPDATE DATE
2024-11-23T22:34:19.620000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-05335date:2018-03-15T00:00:00
db:JVNDBid:JVNDB-2017-012981date:2018-05-15T00:00:00
db:CNNVDid:CNNVD-201803-718date:2018-03-21T00:00:00
db:NVDid:CVE-2017-17319date:2024-11-21T03:17:49.753

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-05335date:2018-03-15T00:00:00
db:JVNDBid:JVNDB-2017-012981date:2018-05-15T00:00:00
db:CNNVDid:CNNVD-201803-718date:2018-03-21T00:00:00
db:NVDid:CVE-2017-17319date:2018-03-20T15:29:00.407