Sign-up

ID

VAR-201711-0213


CVE

CVE-2017-2697


TITLE

plural Huawei Smartphone buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-010799

DESCRIPTION

The goldeneye driver in NMO-L31C432B120 and earlier versions,NEM-L21C432B100 and earlier versions,NEM-L51C432B120 and earlier versions,KNT-AL10C746B160 and earlier versions,VNS-L21C185B142 and earlier versions,CAM-L21C10B130 and earlier versions,CAM-L21C185B141 and earlier versions has buffer overflow vulnerability. An attacker with the root privilege of the Android system can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to crash the system or escalate privilege. plural Huawei Smartphones contain a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiGT3, Honor5C, Glory V8, P9Lite, and Y6II are smart phones from China's Huawei company. Huawei GT3 and others are smartphone products of the Chinese company Huawei (Huawei). goldeneye driver is a goldeneye driver running in it. The following products and versions are affected: Huawei GT3 NMO-L31C432B120 and earlier; Honor 5C NEM-L21C432B100 and earlier, NEM-L21C432B120 and earlier; Honor V8 KNT-AL10C746B160 and earlier; P9 Lite VNS-L21C185B142 and previous versions; Y6â…¡CAM-L21C10B130 and previous versions, CAM-L21C185B141 and previous versions

Trust: 2.25

sources: NVD: CVE-2017-2697 // JVNDB: JVNDB-2017-010799 // CNVD: CNVD-2017-01149 // VULHUB: VHN-110900

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-01149

AFFECTED PRODUCTS

vendor:huaweimodel:gt3scope:lteversion:nmo-l31c432b120

Trust: 1.0

vendor:huaweimodel:y6iiscope:lteversion:cam-l21c185b141

Trust: 1.0

vendor:huaweimodel:p9 litescope:lteversion:vns-l21c185b142

Trust: 1.0

vendor:huaweimodel:honor 5cscope:lteversion:nem-l51c432b120

Trust: 1.0

vendor:huaweimodel:kntscope:lteversion:knt-al10c746b160

Trust: 1.0

vendor:huaweimodel:y6iiscope:lteversion:cam-l21c10b130

Trust: 1.0

vendor:huaweimodel:gt3scope: - version: -

Trust: 0.8

vendor:huaweimodel:honor 5cscope: - version: -

Trust: 0.8

vendor:huaweimodel:kntscope: - version: -

Trust: 0.8

vendor:huaweimodel:p9 litescope: - version: -

Trust: 0.8

vendor:huaweimodel:y6iiscope: - version: -

Trust: 0.8

vendor:huaweimodel:y6ii <=cam-l21c10b130scope: - version: -

Trust: 0.6

vendor:huaweimodel:y6ii <=cam-l21c185b141scope: - version: -

Trust: 0.6

vendor:huaweimodel:p9 lite <=vns-l21c185b142scope: - version: -

Trust: 0.6

vendor:huaweimodel:glory <=knt-al10c746b160scope:eqversion:v8

Trust: 0.6

vendor:huaweimodel:honor 5c <=nem-l51c432b120scope: - version: -

Trust: 0.6

vendor:huaweimodel:honor 5c <=nem-l21c432b100scope: - version: -

Trust: 0.6

vendor:huaweimodel:gt3 <=nmo-l31c432b120scope: - version: -

Trust: 0.6

vendor:huaweimodel:gt3scope:eqversion:nmo-l31c432b120

Trust: 0.6

vendor:huaweimodel:y6iiscope:eqversion:cam-l21c185b141

Trust: 0.6

vendor:huaweimodel:y6iiscope:eqversion:cam-l21c10b130

Trust: 0.6

vendor:huaweimodel:honor 5cscope:eqversion:nem-l51c432b120

Trust: 0.6

vendor:huaweimodel:p9 litescope:eqversion:vns-l21c185b142

Trust: 0.6

vendor:huaweimodel:kntscope:eqversion:knt-al10c746b160

Trust: 0.6

sources: CNVD: CNVD-2017-01149 // JVNDB: JVNDB-2017-010799 // NVD: CVE-2017-2697 // CNNVD: CNNVD-201711-1014

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2017-2697
value: HIGH

Trust: 1.8

CNVD: CNVD-2017-01149
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201711-1014
value: CRITICAL

Trust: 0.6

VULHUB: VHN-110900
value: HIGH

Trust: 0.1

NVD:
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: TRUE
version: 2.0

Trust: 1.0

NVD: CVE-2017-2697
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2017-01149
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-110900
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2017-2697
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2017-01149 // VULHUB: VHN-110900 // JVNDB: JVNDB-2017-010799 // NVD: CVE-2017-2697 // CNNVD: CNNVD-201711-1014

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-110900 // JVNDB: JVNDB-2017-010799 // NVD: CVE-2017-2697

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-1014

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201711-1014

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2017-2697

PATCH
title:huawei-sa-20170208-02-smartphoneurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170208-02-smartphone-en
Trust: 0.8
title:Huawei mobile phone Goldeneye driver buffer overflow vulnerability patchurl:https://www.cnvd.org.cn/patchinfo/show/88847
Trust: 0.6
title:Multiple Huawei product goldeneye Driver Buffer Error Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=76724
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-01149 // 
            
            
            
            JVNDB: JVNDB-2017-010799 // 
            
            
            
            CNNVD: CNNVD-201711-1014

EXTERNAL IDS
db:NVDid:CVE-2017-2697
Trust: 3.1
db:JVNDBid:JVNDB-2017-010799
Trust: 0.8
db:CNNVDid:CNNVD-201711-1014
Trust: 0.7
db:CNVDid:CNVD-2017-01149
Trust: 0.6
db:VULHUBid:VHN-110900
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-01149 // 
            
            
            
            VULHUB: VHN-110900 // 
            
            
            
            JVNDB: JVNDB-2017-010799 // 
            
            
            
            NVD: CVE-2017-2697 // 
            
            
            
            CNNVD: CNNVD-201711-1014

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170208-02-smartphone-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2697
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2697
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170208-02-smartphone-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-01149 // 
            
            
            
            VULHUB: VHN-110900 // 
            
            
            
            JVNDB: JVNDB-2017-010799 // 
            
            
            
            NVD: CVE-2017-2697 // 
            
            
            
            CNNVD: CNNVD-201711-1014

SOURCES
db:CNVDid:CNVD-2017-01149
db:VULHUBid:VHN-110900
db:JVNDBid:JVNDB-2017-010799
db:NVDid:CVE-2017-2697
db:CNNVDid:CNNVD-201711-1014

LAST UPDATE DATE
2023-12-18T12:44:21.210000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-01149date:2017-02-09T00:00:00
db:VULHUBid:VHN-110900date:2017-12-12T00:00:00
db:JVNDBid:JVNDB-2017-010799date:2017-12-25T00:00:00
db:NVDid:CVE-2017-2697date:2017-12-12T18:14:43.370
db:CNNVDid:CNNVD-201711-1014date:2017-11-24T00:00:00

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-01149date:2017-02-09T00:00:00
db:VULHUBid:VHN-110900date:2017-11-22T00:00:00
db:JVNDBid:JVNDB-2017-010799date:2017-12-25T00:00:00
db:NVDid:CVE-2017-2697date:2017-11-22T19:29:00.490
db:CNNVDid:CNNVD-201711-1014date:2017-11-24T00:00:00