ID
VAR-201806-0423
CVE
CVE-2017-17172
TITLE
Huawei LYO-L21 Vulnerabilities related to authorization, authority, and access control in smartphones
Trust: 0.8
DESCRIPTION
Huawei smart phones LYO-L21 with software LYO-L21C479B107, LYO-L21C479B107 have a privilege escalation vulnerability. An authenticated, local attacker can crafts malformed packets after tricking a user to install a malicious application and exploit this vulnerability when in the exception handling process. Successful exploitation may cause the attacker to obtain a higher privilege of the smart phones. Huawei LYO-L21 Smartphones have vulnerabilities related to authorization, authority, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiLYO-L21 is a smartphone product of China's Huawei company
Trust: 2.25
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | huawei | model: | lyo-l21 | scope: | - | version: | - | Trust: 1.4 |
| vendor: | huawei | model: | lyo-l21 | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | huawei | model: | lyo-l21 lyo-l21c479b107 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | huawei | model: | lyo-l21 lyo-l21c577b126 | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-755 | Trust: 1.1 |
| problemtype: | CWE-264 | Trust: 0.9 |
THREAT TYPE
local
Trust: 0.6
TYPE
permissions and access control issues
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | huawei-sa-20180613-01-smartphone | url: | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180613-01-smartphone-en | Trust: 0.8 |
| title: | HuaweiLYO-L21 mobile phone rights promotion vulnerability patch | url: | https://www.cnvd.org.cn/patchInfo/show/134019 | Trust: 0.6 |
| title: | Huawei LYO-L21 Fixes for permission permissions and access control vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100251 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-17172 | Trust: 3.1 |
| db: | JVNDB | id: | JVNDB-2017-013999 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201712-933 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2018-12845 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-108168 | Trust: 0.1 |
REFERENCES
| url: | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180613-01-smartphone-en | Trust: 1.7 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17172 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-17172 | Trust: 0.8 |
| url: | https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180613-01-smartphone-cn | Trust: 0.6 |
SOURCES
| db: | CNVD | id: | CNVD-2018-12845 |
| db: | VULHUB | id: | VHN-108168 |
| db: | JVNDB | id: | JVNDB-2017-013999 |
| db: | CNNVD | id: | CNNVD-201712-933 |
| db: | NVD | id: | CVE-2017-17172 |
LAST UPDATE DATE
2024-11-23T22:12:31.234000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2018-12845 | date: | 2018-07-11T00:00:00 |
| db: | VULHUB | id: | VHN-108168 | date: | 2019-10-03T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-013999 | date: | 2018-08-28T00:00:00 |
| db: | CNNVD | id: | CNNVD-201712-933 | date: | 2019-10-23T00:00:00 |
| db: | NVD | id: | CVE-2017-17172 | date: | 2024-11-21T03:17:38.623 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2018-12845 | date: | 2018-07-11T00:00:00 |
| db: | VULHUB | id: | VHN-108168 | date: | 2018-06-14T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-013999 | date: | 2018-08-28T00:00:00 |
| db: | CNNVD | id: | CNNVD-201712-933 | date: | 2017-12-26T00:00:00 |
| db: | NVD | id: | CVE-2017-17172 | date: | 2018-06-14T14:29:00.213 |