Sign-up

ID

VAR-201803-0205


CVE

CVE-2017-17327


TITLE

Huawei MHA-AL00A Resource Management Error Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2017-38098 // CNNVD: CNNVD-201712-877

DESCRIPTION

Huawei smartphones with software of MHA-AL00AC00B125 have an improper resource management vulnerability. The software does not properly manage the resource when do device register operation. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could cause certain service unavailable. HuaweiMHA-AL00A is a smartphone product from China's Huawei company. A resource management error vulnerability exists in the HuaweiMHA-AL00AMHA-AL00AC00B125 version, which is caused by the system failing to properly lock resources when processing a registration operation. Huawei Smart Phones are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Huawei MHA-AL00A is a smart phone product of China Huawei (Huawei)

Trust: 2.52

sources: NVD: CVE-2017-17327 // JVNDB: JVNDB-2017-012886 // CNVD: CNVD-2017-38098 // BID: 103418 // VULHUB: VHN-108338

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-38098

AFFECTED PRODUCTS

vendor:huaweimodel:mha-al00ascope:eqversion:mha-al00ac00b125

Trust: 1.6

vendor:huaweimodel:mha-al00a mha-al00ac00b125scope: - version: -

Trust: 0.9

vendor:huaweimodel:mha-al00ascope: - version: -

Trust: 0.8

vendor:huaweimodel:mha-al00a mha-al00bc00b231scope:neversion: -

Trust: 0.3

sources: CNVD: CNVD-2017-38098 // BID: 103418 // JVNDB: JVNDB-2017-012886 // CNNVD: CNNVD-201712-877 // NVD: CVE-2017-17327

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17327
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-17327
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-38098
value: LOW

Trust: 0.6

CNNVD: CNNVD-201712-877
value: MEDIUM

Trust: 0.6

VULHUB: VHN-108338
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-17327
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-38098
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108338
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17327
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-38098 // VULHUB: VHN-108338 // JVNDB: JVNDB-2017-012886 // CNNVD: CNNVD-201712-877 // NVD: CVE-2017-17327

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-399

Trust: 0.9

sources: VULHUB: VHN-108338 // JVNDB: JVNDB-2017-012886 // NVD: CVE-2017-17327

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201712-877

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201712-877

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012886

PATCH
title:Security Advisory - Improper Resource Management Vulnerability on Huawei Smartphonesurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-03-smartphone-en
Trust: 0.8
title:HuaweiMHA-AL00A resource management error vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/111711
Trust: 0.6
title:Huawei MHA-AL00A Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77326
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-38098 // 
            
            
            
            JVNDB: JVNDB-2017-012886 // 
            
            
            
            CNNVD: CNNVD-201712-877

EXTERNAL IDS
db:NVDid:CVE-2017-17327
Trust: 3.4
db:JVNDBid:JVNDB-2017-012886
Trust: 0.8
db:CNNVDid:CNNVD-201712-877
Trust: 0.7
db:CNVDid:CNVD-2017-38098
Trust: 0.6
db:BIDid:103418
Trust: 0.4
db:VULHUBid:VHN-108338
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-38098 // 
            
            
            
            VULHUB: VHN-108338 // 
            
            
            
            BID: 103418 // 
            
            
            
            JVNDB: JVNDB-2017-012886 // 
            
            
            
            CNNVD: CNNVD-201712-877 // 
            
            
            
            NVD: CVE-2017-17327

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-03-smartphone-en
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17327
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17327
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171220-03-smartphone-cn
Trust: 0.6
url:http://www.huawei.com/en/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-38098 // 
            
            
            
            VULHUB: VHN-108338 // 
            
            
            
            BID: 103418 // 
            
            
            
            JVNDB: JVNDB-2017-012886 // 
            
            
            
            CNNVD: CNNVD-201712-877 // 
            
            
            
            NVD: CVE-2017-17327

CREDITS
He Yao of Baidu X-Lab
Trust: 0.9
sources:
            
            
            BID: 103418 // 
            
            
            
            CNNVD: CNNVD-201712-877

SOURCES
db:CNVDid:CNVD-2017-38098
db:VULHUBid:VHN-108338
db:BIDid:103418
db:JVNDBid:JVNDB-2017-012886
db:CNNVDid:CNNVD-201712-877
db:NVDid:CVE-2017-17327

LAST UPDATE DATE
2024-11-23T21:53:20.983000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-38098date:2017-12-26T00:00:00
db:VULHUBid:VHN-108338date:2019-10-03T00:00:00
db:BIDid:103418date:2017-12-20T00:00:00
db:JVNDBid:JVNDB-2017-012886date:2018-04-26T00:00:00
db:CNNVDid:CNNVD-201712-877date:2019-10-23T00:00:00
db:NVDid:CVE-2017-17327date:2024-11-21T03:17:50.680

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-38098date:2017-12-26T00:00:00
db:VULHUBid:VHN-108338date:2018-03-09T00:00:00
db:BIDid:103418date:2017-12-20T00:00:00
db:JVNDBid:JVNDB-2017-012886date:2018-04-26T00:00:00
db:CNNVDid:CNNVD-201712-877date:2017-12-25T00:00:00
db:NVDid:CVE-2017-17327date:2018-03-09T17:29:02.190