Sign-up

ID

VAR-201802-0439


CVE

CVE-2017-17159


TITLE

Huawei Vulnerability related to input validation in smartphone software

Trust: 0.8

sources: JVNDB: JVNDB-2017-012676

DESCRIPTION

Some Huawei smart phones with software of NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01, NTS-AL00C00B535 have a DoS vulnerability due to insufficient input validation. An unauthenticated attacker could send malformed System Information(SI) messages to the smart phone within radio range by special wireless device. Successful exploit could make the smart phone restart. HuaweiMT8-EMUI4.1 and NTS-AL00 are all smartphones of China's Huawei company. HuaweiMT8-EMUI4.1 and NTS-AL00 have a denial of service vulnerability. Both Huawei MT8-EMUI4.1 and NTS-AL00 are smartphone products of China Huawei (Huawei). The following products and versions are affected: Huawei MT8-EMUI4.1 NXT-AL10C00B386 version, NXT-CL00C92B386 version, NXT-DL00C17B386 version, NXT-TL00C01B386SP01 version; NTS-AL00 NTS-AL00C00B535 version

Trust: 2.25

sources: NVD: CVE-2017-17159 // JVNDB: JVNDB-2017-012676 // CNVD: CNVD-2017-38524 // VULHUB: VHN-108153

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-38524

AFFECTED PRODUCTS

vendor:huaweimodel:mt8-emui4.1scope:eqversion:nxt-al10c00b386

Trust: 2.4

vendor:huaweimodel:mt8-emui4.1scope:eqversion:nxt-cl00c92b386

Trust: 2.4

vendor:huaweimodel:mt8-emui4.1scope:eqversion:nxt-dl00c17b386

Trust: 2.4

vendor:huaweimodel:mt8-emui4.1scope:eqversion:nxt-tl00c01b386sp01

Trust: 2.4

vendor:huaweimodel:nts-al00scope:eqversion:nts-al00c00b535

Trust: 2.4

vendor:huaweimodel:nts-al00 nts-al00c00b535scope: - version: -

Trust: 0.6

vendor:huaweimodel:mt8-emui4.1 nxt-al10c00b386scope: - version: -

Trust: 0.6

vendor:huaweimodel:mt8-emui4.1 nxt-cl00c92b386scope: - version: -

Trust: 0.6

vendor:huaweimodel:mt8-emui4.1 nxt-dl00c17b386scope: - version: -

Trust: 0.6

vendor:huaweimodel:mt8-emui4.1 nxt-tl00c01b386sp01scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-38524 // JVNDB: JVNDB-2017-012676 // CNNVD: CNNVD-201712-314 // NVD: CVE-2017-17159

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17159
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-17159
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-38524
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201712-314
value: MEDIUM

Trust: 0.6

VULHUB: VHN-108153
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-17159
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-38524
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108153
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17159
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-38524 // VULHUB: VHN-108153 // JVNDB: JVNDB-2017-012676 // CNNVD: CNNVD-201712-314 // NVD: CVE-2017-17159

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-108153 // JVNDB: JVNDB-2017-012676 // NVD: CVE-2017-17159

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201712-314

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201712-314

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012676

PATCH
title:huawei-sa-20171220-02-smartphoneurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-smartphone-en
Trust: 0.8
title:Patch for HuaweiMT8-EMUI4.1 and NTS-AL00 Denial of Service Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/112241
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-38524 // 
            
            
            
            JVNDB: JVNDB-2017-012676

EXTERNAL IDS
db:NVDid:CVE-2017-17159
Trust: 3.1
db:JVNDBid:JVNDB-2017-012676
Trust: 0.8
db:CNNVDid:CNNVD-201712-314
Trust: 0.7
db:CNVDid:CNVD-2017-38524
Trust: 0.6
db:VULHUBid:VHN-108153
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-38524 // 
            
            
            
            VULHUB: VHN-108153 // 
            
            
            
            JVNDB: JVNDB-2017-012676 // 
            
            
            
            CNNVD: CNNVD-201712-314 // 
            
            
            
            NVD: CVE-2017-17159

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-smartphone-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17159
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17159
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171220-02-smartphone-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-38524 // 
            
            
            
            VULHUB: VHN-108153 // 
            
            
            
            JVNDB: JVNDB-2017-012676 // 
            
            
            
            CNNVD: CNNVD-201712-314 // 
            
            
            
            NVD: CVE-2017-17159

SOURCES
db:CNVDid:CNVD-2017-38524
db:VULHUBid:VHN-108153
db:JVNDBid:JVNDB-2017-012676
db:CNNVDid:CNNVD-201712-314
db:NVDid:CVE-2017-17159

LAST UPDATE DATE
2024-11-23T22:45:26.839000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-38524date:2017-12-29T00:00:00
db:VULHUBid:VHN-108153date:2018-03-14T00:00:00
db:JVNDBid:JVNDB-2017-012676date:2018-04-04T00:00:00
db:CNNVDid:CNNVD-201712-314date:2018-02-22T00:00:00
db:NVDid:CVE-2017-17159date:2024-11-21T03:17:36.523

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-38524date:2017-12-29T00:00:00
db:VULHUBid:VHN-108153date:2018-02-15T00:00:00
db:JVNDBid:JVNDB-2017-012676date:2018-04-04T00:00:00
db:CNNVDid:CNNVD-201712-314date:2017-12-08T00:00:00
db:NVDid:CVE-2017-17159date:2018-02-15T16:29:01.970