Details of VAR-201806-0422

ID

VAR-201806-0422

CVE

CVE-2017-17171

TITLE

plural Huawei Vulnerability related to input confirmation in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2017-013795

DESCRIPTION

Some Huawei smart phones have the denial of service (DoS) vulnerability due to the improper processing of malicious parameters. An attacker may trick a target user into installing a malicious APK and launch attacks using a pre-installed app with specific permissions. Successful exploit could allow the app to send specific parameters to the smart phone driver, which will result in system restart. plural Huawei Smartphones contain a vulnerability related to input confirmation.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiMate8 and so on are all Huawei smartphone products from China. The Huawei Mate 8, P9 and P9 Plus are all smartphones from the Chinese company Huawei. A denial of service vulnerability exists in Huawei Mate 8, P9, and P9 Plus. The following products and versions are affected: Huawei Mate 8 before NXT-AL10C00B592, before NXT-CL00C92B592, before NXT-DL00C17B592, before NXT-L09AC636B220, before NXT-L09C185B582, before NXT-L09C432B581, before NXT-L09C432B581, NXT-L09C432B581 Version, version before NXT-L29C10B580, version before NXT-L29C185B582, version before NXT-L29C636B589, version before NXT-TL00C01B592; , before EVA-L09C185B391, before EVA-L09C432B395, before EVA-L09C464B383, before EVA-L09C605B392, before EVA-L09C635B391, before EVA-L09C636B388, before EVA-L19C10B394, before 24EVA-L19C -L19C605B390 before, EVA-L19C636B393 before, EVA-L29C636B389 before, EVA-TL00C01B398 before; P9 Plus VIE-L09C318B182 before, VIE-L09C432B380 before, VIE-L09C576B180 before VIE-L09C576B180, VIE-L27C -L29C636B388 before version

Trust: 2.25

sources: NVD: CVE-2017-17171 // JVNDB: JVNDB-2017-013795 // CNVD: CNVD-2018-12843 // VULHUB: VHN-108167

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-12843

AFFECTED PRODUCTS

vendor:	huawei	model:	p9 plus	scope:	lt	version:	vie-l09c576b180	Trust: 1.0
vendor:	huawei	model:	mate 8	scope:	lt	version:	nxt-l09c636b598a	Trust: 1.0
vendor:	huawei	model:	p9	scope:	lt	version:	eva-l09c432b395	Trust: 1.0
vendor:	huawei	model:	p9	scope:	lt	version:	eva-l09c185b391	Trust: 1.0
vendor:	huawei	model:	mate 8	scope:	lt	version:	nxt-l29c10b583	Trust: 1.0
vendor:	huawei	model:	p9	scope:	lt	version:	eva-l29c636b389	Trust: 1.0
vendor:	huawei	model:	p9 plus	scope:	lt	version:	vie-l29c605b370	Trust: 1.0
vendor:	huawei	model:	p9 plus	scope:	lt	version:	vie-l29c636b388	Trust: 1.0
vendor:	huawei	model:	mate 8	scope:	lt	version:	nxt-l09c605b585custc605d590	Trust: 1.0
vendor:	huawei	model:	mate 8	scope:	lt	version:	nxt-l09c432b582	Trust: 1.0
vendor:	huawei	model:	mate 8	scope:	lt	version:	nxt-al10c00b593	Trust: 1.0
vendor:	huawei	model:	mate 8	scope:	lt	version:	nxt-l09c185b583	Trust: 1.0
vendor:	huawei	model:	p9	scope:	lt	version:	eva-tl00c01b398	Trust: 1.0
vendor:	huawei	model:	p9	scope:	lt	version:	eva-dl00c17b398	Trust: 1.0
vendor:	huawei	model:	p9	scope:	lt	version:	eva-l09c464b383	Trust: 1.0
vendor:	huawei	model:	p9	scope:	lt	version:	eva-l19c432b392	Trust: 1.0
vendor:	huawei	model:	mate 8	scope:	lt	version:	nxt-cl00c92b593	Trust: 1.0
vendor:	huawei	model:	p9 plus	scope:	lt	version:	vie-l09c318b182	Trust: 1.0
vendor:	huawei	model:	p9	scope:	lt	version:	eva-al10c00b398	Trust: 1.0
vendor:	huawei	model:	mate 8	scope:	lt	version:	nxt-l29c185b585	Trust: 1.0
vendor:	huawei	model:	p9	scope:	lt	version:	eva-cl00c92b398	Trust: 1.0
vendor:	huawei	model:	p9	scope:	lte	version:	eva-l09c636b388	Trust: 1.0
vendor:	huawei	model:	mate 8	scope:	lt	version:	nxtl00c01b593	Trust: 1.0
vendor:	huawei	model:	mate 8	scope:	lt	version:	nxt-l29c636b594a	Trust: 1.0
vendor:	huawei	model:	p9	scope:	lt	version:	eva-l19c605b390	Trust: 1.0
vendor:	huawei	model:	mate 8	scope:	lt	version:	nxt-dl00c17b593	Trust: 1.0
vendor:	huawei	model:	p9	scope:	lt	version:	eva-l19c636b393	Trust: 1.0
vendor:	huawei	model:	p9 plus	scope:	lt	version:	vie-l09c432b380	Trust: 1.0
vendor:	huawei	model:	p9	scope:	lt	version:	eva-l19c10b394	Trust: 1.0
vendor:	huawei	model:	p9	scope:	lt	version:	eva-al00c00b398	Trust: 1.0
vendor:	huawei	model:	p9	scope:	lt	version:	eva-l09c605b392	Trust: 1.0
vendor:	huawei	model:	mate 8	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	p9 plus	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	p9	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	mate <nxt-al10c00b592	scope:	eq	version:	8	Trust: 0.6
vendor:	huawei	model:	mate <nxt-cl00c92b592	scope:	eq	version:	8	Trust: 0.6
vendor:	huawei	model:	mate <nxt-dl00c17b592	scope:	eq	version:	8	Trust: 0.6
vendor:	huawei	model:	mate <nxt-l09ac636b220	scope:	eq	version:	8	Trust: 0.6
vendor:	huawei	model:	mate <nxt-l09c185b582	scope:	eq	version:	8	Trust: 0.6
vendor:	huawei	model:	mate <nxt-l09c432b581	scope:	eq	version:	8	Trust: 0.6
vendor:	huawei	model:	mate <nxt-l09c605b585	scope:	eq	version:	8	Trust: 0.6
vendor:	huawei	model:	mate <nxt-l29c10b580	scope:	eq	version:	8	Trust: 0.6
vendor:	huawei	model:	mate <nxt-l29c185b582	scope:	eq	version:	8	Trust: 0.6
vendor:	huawei	model:	mate <nxt-l29c636b589	scope:	eq	version:	8	Trust: 0.6
vendor:	huawei	model:	mate <nxt-tl00c01b592	scope:	eq	version:	8	Trust: 0.6
vendor:	huawei	model:	p9 <eva-al00c00b398	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	p9 <eva-al10c00b398	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	p9 <eva-cl00c92b398	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	p9 <eva-dl00c17b398	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	p9 <eva-l09c185b391	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	p9 <eva-l09c432b395	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	p9 <eva-l09c464b383	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	p9 <eva-l09c605b392	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	p9 <eva-l09c635b391	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	p9 <eva-l09c636b388	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	p9 <eva-l19c10b394	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	p9 <eva-l19c432b392	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	p9 <eva-l19c605b390	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	p9 <eva-l19c636b393	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	p9 <eva-l29c636b389	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	p9 <eva-tl00c01b398	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	p9 plus <vie-l09c318b182	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	p9 plus <vie-l09c432b380	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	p9 plus <vie-l09c576b180	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	p9 plus <vie-l29c605b370	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	p9 plus <vie-l29c636b388	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	mate 8	scope:	eq	version:	nxt-dl10c00b197	Trust: 0.6
vendor:	huawei	model:	mate 8	scope:	eq	version:	nxt-al10c00b197	Trust: 0.6
vendor:	huawei	model:	p9	scope:	eq	version:	eva-l09c432b383	Trust: 0.6
vendor:	huawei	model:	p9	scope:	eq	version:	eva-l09c636b388	Trust: 0.6
vendor:	huawei	model:	mate 8	scope:	eq	version:	nxt-tl10c00b197	Trust: 0.6
vendor:	huawei	model:	mate 8	scope:	eq	version:	nxt-cl10c00b197	Trust: 0.6
vendor:	huawei	model:	p9	scope:	eq	version:	eva-l09c636b380	Trust: 0.6

sources: CNVD: CNVD-2018-12843 // JVNDB: JVNDB-2017-013795 // CNNVD: CNNVD-201712-934 // NVD: CVE-2017-17171

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-17171
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-17171
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-12843
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201712-934
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-108167
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-17171
severity:	MEDIUM
baseScore:	6.3
vectorString:	AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-12843
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:L/AC:H/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-108167
severity:	MEDIUM
baseScore:	6.3
vectorString:	AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-17171
baseSeverity:	MEDIUM
baseScore:	4.2
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	0.6
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-12843 // VULHUB: VHN-108167 // JVNDB: JVNDB-2017-013795 // CNNVD: CNNVD-201712-934 // NVD: CVE-2017-17171

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-108167 // JVNDB: JVNDB-2017-013795 // NVD: CVE-2017-17171

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-934

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201712-934

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-013795

PATCH

title:	huawei-sa-20180530-01-smartphone	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-smartphone-en	Trust: 0.8
title:	Patches for multiple Huawei phone denial of service vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/134015	Trust: 0.6

sources: CNVD: CNVD-2018-12843 // JVNDB: JVNDB-2017-013795

EXTERNAL IDS

db:	NVD	id:	CVE-2017-17171	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-013795	Trust: 0.8
db:	CNNVD	id:	CNNVD-201712-934	Trust: 0.7
db:	CNVD	id:	CNVD-2018-12843	Trust: 0.6
db:	VULHUB	id:	VHN-108167	Trust: 0.1

sources: CNVD: CNVD-2018-12843 // VULHUB: VHN-108167 // JVNDB: JVNDB-2017-013795 // CNNVD: CNNVD-201712-934 // NVD: CVE-2017-17171

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-smartphone	Trust: 1.7
url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-smartphone-en	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17171	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-17171	Trust: 0.8
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180530-01-smartphone-cn	Trust: 0.6

sources: CNVD: CNVD-2018-12843 // VULHUB: VHN-108167 // JVNDB: JVNDB-2017-013795 // CNNVD: CNNVD-201712-934 // NVD: CVE-2017-17171

SOURCES

db:	CNVD	id:	CNVD-2018-12843
db:	VULHUB	id:	VHN-108167
db:	JVNDB	id:	JVNDB-2017-013795
db:	CNNVD	id:	CNNVD-201712-934
db:	NVD	id:	CVE-2017-17171

LAST UPDATE DATE

2024-11-23T23:02:09.047000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-12843	date:	2018-07-11T00:00:00
db:	VULHUB	id:	VHN-108167	date:	2018-07-27T00:00:00
db:	JVNDB	id:	JVNDB-2017-013795	date:	2018-08-13T00:00:00
db:	CNNVD	id:	CNNVD-201712-934	date:	2018-06-06T00:00:00
db:	NVD	id:	CVE-2017-17171	date:	2024-11-21T03:17:38.477

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-12843	date:	2018-07-11T00:00:00
db:	VULHUB	id:	VHN-108167	date:	2018-06-01T00:00:00
db:	JVNDB	id:	JVNDB-2017-013795	date:	2018-08-13T00:00:00
db:	CNNVD	id:	CNNVD-201712-934	date:	2017-12-26T00:00:00
db:	NVD	id:	CVE-2017-17171	date:	2018-06-01T14:29:00.207