ID

VAR-201803-0206


CVE

CVE-2017-17328


TITLE

Huawei Integer overflow vulnerability in smartphone software

Trust: 0.8

sources: JVNDB: JVNDB-2017-012887

DESCRIPTION

Huawei smartphones with software of MHA-AL00AC00B125 have an integer overflow vulnerability. The software does not properly process a certain variable when handling a certain process. If an attacker tricks a user who has root privilege into installing a crafted application, a successful exploit could cause information disclosure. Huawei MHA-AL00A is a smartphone product from China's Huawei company. An integer overflow vulnerability exists in the Huawei MHA-AL00A MHA-AL00AC00B125 version, which stems from a program not processing a variable correctly while handling a process. Huawei Smart Phones are prone to an integer-overflow vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Due to the nature of this issue, code execution may be possible, but this has not been confirmed.

Trust: 2.52

sources: NVD: CVE-2017-17328 // JVNDB: JVNDB-2017-012887 // CNVD: CNVD-2017-38097 // BID: 103419 // VULHUB: VHN-108339

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-38097

AFFECTED PRODUCTS

vendor: huawei, model: mha-al00a, scope: eq, version: mha-al00ac00b125

Trust: 1.6

vendor: huawei, model: mha-al00a mha-al00ac00b125, scope: -, version: -

Trust: 0.9

vendor: huawei, model: mha-al00a, scope: -, version: -

Trust: 0.8

vendor: huawei, model: mha-al00a mha-al00bc00b231, scope: ne, version: -

Trust: 0.3

sources: CNVD: CNVD-2017-38097 // BID: 103419 // JVNDB: JVNDB-2017-012887 // CNNVD: CNNVD-201712-878 // NVD: CVE-2017-17328

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17328
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-17328
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-38097
value: LOW

Trust: 0.6

CNNVD: CNNVD-201712-878
value: HIGH

Trust: 0.6

VULHUB: VHN-108339
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-17328
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-38097
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108339
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17328
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-38097 // VULHUB: VHN-108339 // JVNDB: JVNDB-2017-012887 // CNNVD: CNNVD-201712-878 // NVD: CVE-2017-17328

PROBLEMTYPE DATA

problemtype: CWE-190

Trust: 1.9

sources: VULHUB: VHN-108339 // JVNDB: JVNDB-2017-012887 // NVD: CVE-2017-17328

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-878

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201712-878

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012887

PATCH

title: Security Advisory - Integer Overflow Vulnerability on Smartphones, url: http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171220-01-smartphone-en

Trust: 0.8

title: Huawei MHA-AL00A Patch for Integer Overflow Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/111709

Trust: 0.6

title: Huawei MHA-AL00A Fixes for digital error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77327

Trust: 0.6

sources: CNVD: CNVD-2017-38097 // JVNDB: JVNDB-2017-012887 // CNNVD: CNNVD-201712-878

EXTERNAL IDS

db: NVD, id: CVE-2017-17328

Trust: 3.4

db: JVNDB, id: JVNDB-2017-012887

Trust: 0.8

db: CNNVD, id: CNNVD-201712-878

Trust: 0.7

db: CNVD, id: CNVD-2017-38097

Trust: 0.6

db: NSFOCUS, id: 39155

Trust: 0.6

db: BID, id: 103419

Trust: 0.4

db: VULHUB, id: VHN-108339

Trust: 0.1

sources: CNVD: CNVD-2017-38097 // VULHUB: VHN-108339 // BID: 103419 // JVNDB: JVNDB-2017-012887 // CNNVD: CNNVD-201712-878 // NVD: CVE-2017-17328

REFERENCES

url: http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171220-01-smartphone-en

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17328

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-17328

Trust: 0.8

url: http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171220-01-smartphone-cn

Trust: 0.6

url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-01-smartphone-en

Trust: 0.6

url: http://www.nsfocus.net/vulndb/39155

Trust: 0.6

url: http://www.huawei.com/en/

Trust: 0.3

sources: CNVD: CNVD-2017-38097 // VULHUB: VHN-108339 // BID: 103419 // JVNDB: JVNDB-2017-012887 // CNNVD: CNNVD-201712-878 // NVD: CVE-2017-17328

CREDITS

He Yao of Baidu X-Lab

Trust: 0.6

sources: CNNVD: CNNVD-201712-878

SOURCES

db: CNVD, id: CNVD-2017-38097
db: VULHUB, id: VHN-108339
db: BID, id: 103419
db: JVNDB, id: JVNDB-2017-012887
db: CNNVD, id: CNNVD-201712-878
db: NVD, id: CVE-2017-17328

LAST UPDATE DATE

2024-11-23T22:17:38.569000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-38097, date: 2017-12-26T00:00:00
db: VULHUB, id: VHN-108339, date: 2018-03-29T00:00:00
db: BID, id: 103419, date: 2017-12-20T00:00:00
db: JVNDB, id: JVNDB-2017-012887, date: 2018-04-26T00:00:00
db: CNNVD, id: CNNVD-201712-878, date: 2017-12-25T00:00:00
db: NVD, id: CVE-2017-17328, date: 2024-11-21T03:17:50.790

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-38097, date: 2017-12-26T00:00:00
db: VULHUB, id: VHN-108339, date: 2018-03-09T00:00:00
db: BID, id: 103419, date: 2017-12-20T00:00:00
db: JVNDB, id: JVNDB-2017-012887, date: 2018-04-26T00:00:00
db: CNNVD, id: CNNVD-201712-878, date: 2017-12-25T00:00:00
db: NVD, id: CVE-2017-17328, date: 2018-03-09T17:29:02.220