Sign-up

ID

VAR-201802-0264


CVE

CVE-2017-17285


TITLE

Huawei Buffer error vulnerability in smartphone software

Trust: 0.8

sources: JVNDB: JVNDB-2017-012679

DESCRIPTION

Bluetooth module in some Huawei mobile phones with software LON-AL00BC00B229 and earlier versions has a buffer overflow vulnerability. Due to insufficient input validation, an unauthenticated attacker may craft Bluetooth AVDTP/AVCTP messages after successful paring, causing buffer overflow. Successful exploit may cause code execution. Huawei Smartphone software contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei LON-AL00B is a smart phone product of China Huawei (Huawei). Bluetooth module is one of the Bluetooth modules. The vulnerability is caused by insufficient verification of input in the program. Attackers can exploit this vulnerability to execute code by forging or tampering with Bluetooth AVDTP/AVCTP packets after successful Bluetooth pairing

Trust: 1.71

sources: NVD: CVE-2017-17285 // JVNDB: JVNDB-2017-012679 // VULHUB: VHN-108292

AFFECTED PRODUCTS

vendor:huaweimodel:lon-al00bscope:lteversion:lon-al00bc00b229

Trust: 1.8

vendor:huaweimodel:lon-al00bscope:eqversion:lon-al00bc00b229

Trust: 0.6

sources: JVNDB: JVNDB-2017-012679 // CNNVD: CNNVD-201802-457 // NVD: CVE-2017-17285

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17285
value: HIGH

Trust: 1.0

NVD: CVE-2017-17285
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201802-457
value: MEDIUM

Trust: 0.6

VULHUB: VHN-108292
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-17285
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-108292
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17285
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-108292 // JVNDB: JVNDB-2017-012679 // CNNVD: CNNVD-201802-457 // NVD: CVE-2017-17285

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-108292 // JVNDB: JVNDB-2017-012679 // NVD: CVE-2017-17285

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201802-457

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201802-457

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012679

PATCH
title:huawei-sa-20180129-01-bluetoothurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180129-01-bluetooth-en
Trust: 0.8
title:Huawei LON-AL00B Bluetooth Fixes for module buffer error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78536
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-012679 // 
            
            
            
            CNNVD: CNNVD-201802-457

EXTERNAL IDS
db:NVDid:CVE-2017-17285
Trust: 2.5
db:JVNDBid:JVNDB-2017-012679
Trust: 0.8
db:CNNVDid:CNNVD-201802-457
Trust: 0.7
db:VULHUBid:VHN-108292
Trust: 0.1
sources:
            
            
            VULHUB: VHN-108292 // 
            
            
            
            JVNDB: JVNDB-2017-012679 // 
            
            
            
            CNNVD: CNNVD-201802-457 // 
            
            
            
            NVD: CVE-2017-17285

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180129-01-bluetooth-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17285
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17285
Trust: 0.8
sources:
            
            
            VULHUB: VHN-108292 // 
            
            
            
            JVNDB: JVNDB-2017-012679 // 
            
            
            
            CNNVD: CNNVD-201802-457 // 
            
            
            
            NVD: CVE-2017-17285

SOURCES
db:VULHUBid:VHN-108292
db:JVNDBid:JVNDB-2017-012679
db:CNNVDid:CNNVD-201802-457
db:NVDid:CVE-2017-17285

LAST UPDATE DATE
2024-11-23T23:08:47.174000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-108292date:2018-03-14T00:00:00
db:JVNDBid:JVNDB-2017-012679date:2018-04-04T00:00:00
db:CNNVDid:CNNVD-201802-457date:2018-02-22T00:00:00
db:NVDid:CVE-2017-17285date:2024-11-21T03:17:45.107

SOURCES RELEASE DATE
db:VULHUBid:VHN-108292date:2018-02-15T00:00:00
db:JVNDBid:JVNDB-2017-012679date:2018-04-04T00:00:00
db:CNNVDid:CNNVD-201802-457date:2018-02-22T00:00:00
db:NVDid:CVE-2017-17285date:2018-02-15T16:29:02.813