Sign-up

ID

VAR-201803-1040


CVE

CVE-2017-17225


TITLE

Huawei Mate 9 Pro Smartphone buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-012828

DESCRIPTION

The Near Field Communication (NFC) module in Huawei Mate 9 Pro mobile phones with the versions before LON-AL00B 8.0.0.340a(C00) has a buffer overflow vulnerability due to the lack of input validation. An attacker may use an NFC card reader or another device to inject malicious data into a target mobile phone. Successful exploit could lead to system restart or arbitrary code execution. Huawei Mate 9 Pro Smartphones contain a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiMate9Pro is a smartphone from China's Huawei company. A buffer overflow vulnerability exists in the HuaweiMate9ProNFC module due to a lack of parameter checking in the program. Multiple Huawei Products are prone to a buffer-overflow vulnerability. Failed exploit attempts will likely cause a denial-of-service condition

Trust: 2.43

sources: NVD: CVE-2017-17225 // JVNDB: JVNDB-2017-012828 // CNVD: CNVD-2018-02554 // BID: 103448

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-02554

AFFECTED PRODUCTS

vendor:huaweimodel:mate 9 proscope:ltversion:lon-al00b_8.0.0.340a\(c00\)

Trust: 1.0

vendor:huaweimodel:mate 9 proscope:ltversion:lon-al00b 8.0.0.340a(c00)

Trust: 0.8

vendor:huaweimodel:mate pro lon-al00b 8.0.0.340ascope:eqversion:9

Trust: 0.6

vendor:huaweimodel:mate proscope:eqversion:90

Trust: 0.3

vendor:huaweimodel:mate pro lon-al00b 8.0.0.340ascope:neversion:9

Trust: 0.3

sources: CNVD: CNVD-2018-02554 // BID: 103448 // JVNDB: JVNDB-2017-012828 // NVD: CVE-2017-17225

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17225
value: HIGH

Trust: 1.0

NVD: CVE-2017-17225
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-02554
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201803-301
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2017-17225
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-02554
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-17225
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-02554 // JVNDB: JVNDB-2017-012828 // CNNVD: CNNVD-201803-301 // NVD: CVE-2017-17225

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2017-012828 // NVD: CVE-2017-17225

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201803-301

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201803-301

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012828

PATCH
title:huawei-sa-20180130-01-smartphoneurl:http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180130-01-smartphone-en
Trust: 0.8
title:HuaweiMate9ProNFC module buffer overflow vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/115295
Trust: 0.6
title:Huawei Mate 9 Pro LON-AL00B NFC Fixes for module buffer error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79023
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-02554 // 
            
            
            
            JVNDB: JVNDB-2017-012828 // 
            
            
            
            CNNVD: CNNVD-201803-301

EXTERNAL IDS
db:NVDid:CVE-2017-17225
Trust: 3.3
db:JVNDBid:JVNDB-2017-012828
Trust: 0.8
db:CNVDid:CNVD-2018-02554
Trust: 0.6
db:CNNVDid:CNNVD-201803-301
Trust: 0.6
db:BIDid:103448
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-02554 // 
            
            
            
            BID: 103448 // 
            
            
            
            JVNDB: JVNDB-2017-012828 // 
            
            
            
            CNNVD: CNNVD-201803-301 // 
            
            
            
            NVD: CVE-2017-17225

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180130-01-smartphone-en
Trust: 1.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17225
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17225
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180130-01-smartphone-cn
Trust: 0.6
url:http://www.huawei.com/en/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-02554 // 
            
            
            
            BID: 103448 // 
            
            
            
            JVNDB: JVNDB-2017-012828 // 
            
            
            
            CNNVD: CNNVD-201803-301 // 
            
            
            
            NVD: CVE-2017-17225

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 103448

SOURCES
db:CNVDid:CNVD-2018-02554
db:BIDid:103448
db:JVNDBid:JVNDB-2017-012828
db:CNNVDid:CNNVD-201803-301
db:NVDid:CVE-2017-17225

LAST UPDATE DATE
2024-11-23T22:45:25.804000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-02554date:2018-02-01T00:00:00
db:BIDid:103448date:2018-01-30T00:00:00
db:JVNDBid:JVNDB-2017-012828date:2018-04-20T00:00:00
db:CNNVDid:CNNVD-201803-301date:2018-03-13T00:00:00
db:NVDid:CVE-2017-17225date:2024-11-21T03:17:41.883

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-02554date:2018-02-01T00:00:00
db:BIDid:103448date:2018-01-30T00:00:00
db:JVNDBid:JVNDB-2017-012828date:2018-04-20T00:00:00
db:CNNVDid:CNNVD-201803-301date:2018-03-13T00:00:00
db:NVDid:CVE-2017-17225date:2018-03-09T17:29:01.407