Sign-up

ID

VAR-201810-0047


CVE

CVE-2017-17176


TITLE

Huawei Mate 9 and Mate 9 Pro Vulnerabilities related to authorization, authority, and access control in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2017-014321

DESCRIPTION

The hardware security module of Mate 9 and Mate 9 Pro Huawei smart phones with the versions earlier before MHA-AL00BC00B156, versions earlier before MHA-CL00BC00B156, versions earlier before MHA-DL00BC00B156, versions earlier before MHA-TL00BC00B156, versions earlier before LON-AL00BC00B156, versions earlier before LON-CL00BC00B156, versions earlier before LON-DL00BC00B156, versions earlier before LON-TL00BC00B156 has a arbitrary memory read/write vulnerability due to the input parameters validation. An attacker with the root privilege of the Android system could exploit this vulnerability to read and write memory data anywhere or execute arbitrary code in the TrustZone. Huawei Mate 9 and Mate 9 Pro Smartphones have vulnerabilities related to authorization, authority, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiMate9 and Mate9Pro are both Huawei's smartphone products. The vulnerability is due to insufficient input verification in the hardware security module of some Huawei phones. The Huawei Mate 9 and Mate 9 Pro are smartphones from the Chinese company Huawei

Trust: 2.25

sources: NVD: CVE-2017-17176 // JVNDB: JVNDB-2017-014321 // CNVD: CNVD-2018-20883 // VULHUB: VHN-108172

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-20883

AFFECTED PRODUCTS

vendor:huaweimodel:mate 9 proscope:ltversion:lon-al00bc00b156

Trust: 1.8

vendor:huaweimodel:mate 9 proscope:ltversion:lon-cl00bc00b156

Trust: 1.8

vendor:huaweimodel:mate 9 proscope:ltversion:lon-dl00bc00b156

Trust: 1.8

vendor:huaweimodel:mate 9 proscope:ltversion:lon-tl00bc00b156

Trust: 1.8

vendor:huaweimodel:mate 9scope:ltversion:mha-al00bc00b156

Trust: 1.8

vendor:huaweimodel:mate 9scope:ltversion:mha-cl00bc00b156

Trust: 1.8

vendor:huaweimodel:mate 9scope:ltversion:mha-dl00bc00b156

Trust: 1.8

vendor:huaweimodel:mate 9scope:ltversion:mha-tl00bc00b156

Trust: 1.8

vendor:huaweimodel:mate <mha-al00bc00b156scope:eqversion:9

Trust: 0.6

vendor:huaweimodel:mate <mha-cl00bc00b156scope:eqversion:9

Trust: 0.6

vendor:huaweimodel:mate <mha-dl00bc00b156scope:eqversion:9

Trust: 0.6

vendor:huaweimodel:mate <mha-tl00bc00b156scope:eqversion:9

Trust: 0.6

vendor:huaweimodel:mate pro <lon-al00bc00b156scope:eqversion:9

Trust: 0.6

vendor:huaweimodel:mate pro <lon-cl00bc00b156scope:eqversion:9

Trust: 0.6

vendor:huaweimodel:mate pro <lon-dl00bc00b156scope:eqversion:9

Trust: 0.6

vendor:huaweimodel:mate pro <lon-tl00bc00b156scope:eqversion:9

Trust: 0.6

sources: CNVD: CNVD-2018-20883 // JVNDB: JVNDB-2017-014321 // NVD: CVE-2017-17176

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17176
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-17176
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-20883
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201712-929
value: MEDIUM

Trust: 0.6

VULHUB: VHN-108172
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-17176
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-20883
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:N/C:P/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 9.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108172
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17176
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-20883 // VULHUB: VHN-108172 // JVNDB: JVNDB-2017-014321 // CNNVD: CNNVD-201712-929 // NVD: CVE-2017-17176

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-108172 // JVNDB: JVNDB-2017-014321 // NVD: CVE-2017-17176

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201712-929

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201712-929

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014321

PATCH
title:huawei-sa-20170306-01-smartphoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170306-01-smartphone-en
Trust: 0.8
title:Patch of random memory read and write vulnerabilities for various Huawei phonesurl:https://www.cnvd.org.cn/patchInfo/show/142309
Trust: 0.6
title:Huawei Mate 9  and Mate 9 Pro hardware security Repair measures for module security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85679
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-20883 // 
            
            
            
            JVNDB: JVNDB-2017-014321 // 
            
            
            
            CNNVD: CNNVD-201712-929

EXTERNAL IDS
db:NVDid:CVE-2017-17176
Trust: 3.1
db:JVNDBid:JVNDB-2017-014321
Trust: 0.8
db:CNNVDid:CNNVD-201712-929
Trust: 0.7
db:CNVDid:CNVD-2018-20883
Trust: 0.6
db:VULHUBid:VHN-108172
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-20883 // 
            
            
            
            VULHUB: VHN-108172 // 
            
            
            
            JVNDB: JVNDB-2017-014321 // 
            
            
            
            CNNVD: CNNVD-201712-929 // 
            
            
            
            NVD: CVE-2017-17176

REFERENCES
url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170306-01-smartphone-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17176
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17176
Trust: 0.8
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170306-01-smartphone-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-20883 // 
            
            
            
            VULHUB: VHN-108172 // 
            
            
            
            JVNDB: JVNDB-2017-014321 // 
            
            
            
            CNNVD: CNNVD-201712-929 // 
            
            
            
            NVD: CVE-2017-17176

SOURCES
db:CNVDid:CNVD-2018-20883
db:VULHUBid:VHN-108172
db:JVNDBid:JVNDB-2017-014321
db:CNNVDid:CNNVD-201712-929
db:NVDid:CVE-2017-17176

LAST UPDATE DATE
2024-11-23T22:17:17.992000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-20883date:2018-10-15T00:00:00
db:VULHUBid:VHN-108172date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-014321date:2019-01-23T00:00:00
db:CNNVDid:CNNVD-201712-929date:2019-10-23T00:00:00
db:NVDid:CVE-2017-17176date:2024-11-21T03:17:39.067

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-20883date:2018-10-15T00:00:00
db:VULHUBid:VHN-108172date:2018-10-17T00:00:00
db:JVNDBid:JVNDB-2017-014321date:2019-01-23T00:00:00
db:CNNVDid:CNNVD-201712-929date:2018-10-16T00:00:00
db:NVDid:CVE-2017-17176date:2018-10-17T15:29:00.633