Sign-up

ID

VAR-201711-0225


CVE

CVE-2017-2709


TITLE

HiGame and SkyTone Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-010797

DESCRIPTION

HiGame with software earlier than 7.3.0 versions, SkyTone with software earlier than 8.1.1 versions have a DoS Vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, the attacker can send malformed packets to the device. Due to the lack of adequate input validation of APPs, which causes the APPs Denial of Service. HiGame and SkyTone Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Both Huawei HiGame and SkyTone are products of the Chinese company Huawei. Huawei HiGame is a mobile game download application. SkyTone is a dedicated Internet application for Huawei mobile phones

Trust: 1.71

sources: NVD: CVE-2017-2709 // JVNDB: JVNDB-2017-010797 // VULHUB: VHN-110912

AFFECTED PRODUCTS

vendor:huaweimodel:higamescope:ltversion:7.3.0

Trust: 1.8

vendor:huaweimodel:skytonescope:ltversion:8.1.1

Trust: 1.8

sources: JVNDB: JVNDB-2017-010797 // NVD: CVE-2017-2709

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2709
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-2709
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201711-1012
value: MEDIUM

Trust: 0.6

VULHUB: VHN-110912
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-2709
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-110912
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2709
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-110912 // JVNDB: JVNDB-2017-010797 // CNNVD: CNNVD-201711-1012 // NVD: CVE-2017-2709

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-110912 // JVNDB: JVNDB-2017-010797 // NVD: CVE-2017-2709

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-1012

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201711-1012

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010797

PATCH
title:huawei-sa-20170913-01-appdosurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170913-01-appdos-en
Trust: 0.8
title:Huawei HiGame  and SkyTone Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76722
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-010797 // 
            
            
            
            CNNVD: CNNVD-201711-1012

EXTERNAL IDS
db:NVDid:CVE-2017-2709
Trust: 2.5
db:JVNDBid:JVNDB-2017-010797
Trust: 0.8
db:CNNVDid:CNNVD-201711-1012
Trust: 0.7
db:VULHUBid:VHN-110912
Trust: 0.1
sources:
            
            
            VULHUB: VHN-110912 // 
            
            
            
            JVNDB: JVNDB-2017-010797 // 
            
            
            
            CNNVD: CNNVD-201711-1012 // 
            
            
            
            NVD: CVE-2017-2709

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170913-01-appdos-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2709
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2709
Trust: 0.8
sources:
            
            
            VULHUB: VHN-110912 // 
            
            
            
            JVNDB: JVNDB-2017-010797 // 
            
            
            
            CNNVD: CNNVD-201711-1012 // 
            
            
            
            NVD: CVE-2017-2709

SOURCES
db:VULHUBid:VHN-110912
db:JVNDBid:JVNDB-2017-010797
db:CNNVDid:CNNVD-201711-1012
db:NVDid:CVE-2017-2709

LAST UPDATE DATE
2025-04-20T23:12:45.906000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-110912date:2017-12-12T00:00:00
db:JVNDBid:JVNDB-2017-010797date:2017-12-25T00:00:00
db:CNNVDid:CNNVD-201711-1012date:2017-11-24T00:00:00
db:NVDid:CVE-2017-2709date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-110912date:2017-11-22T00:00:00
db:JVNDBid:JVNDB-2017-010797date:2017-12-25T00:00:00
db:CNNVDid:CNNVD-201711-1012date:2017-11-24T00:00:00
db:NVDid:CVE-2017-2709date:2017-11-22T19:29:00.897