Sign-up

ID

VAR-201803-1313


CVE

CVE-2017-15325


TITLE

Huawei Smart Phone Software integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-013017

DESCRIPTION

The Bdat driver of Prague smart phones with software versions earlier than Prague-AL00AC00B211, versions earlier than Prague-AL00BC00B211, versions earlier than Prague-AL00CC00B211, versions earlier than Prague-TL00AC01B211, versions earlier than Prague-TL10AC01B211 has integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP and execute it as a specific privilege; the APP can then send a specific parameter to the driver of the smart phone, causing arbitrary code execution. Huawei Smart Phone Software contains an integer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei Glory 8 Youth Edition is a smart phone device. The Huawei Glory 8 Youth Edition Bdat driver has an integer overflow vulnerability

Trust: 2.25

sources: NVD: CVE-2017-15325 // JVNDB: JVNDB-2017-013017 // CNVD: CNVD-2018-06067 // VULMON: CVE-2017-15325

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-06067

AFFECTED PRODUCTS

vendor:huaweimodel:prague-tl00ascope:ltversion:prague-tl00ac01b211

Trust: 1.0

vendor:huaweimodel:prague-tl10ascope:ltversion:prague-tl10ac01b211

Trust: 1.0

vendor:huaweimodel:prague-al00ascope:ltversion:prague-al00ac00b211

Trust: 1.0

vendor:huaweimodel:prague-al00cscope:ltversion:prague-al00cc00b211

Trust: 1.0

vendor:huaweimodel:prague-al00bscope:ltversion:prague-al00bc00b211

Trust: 1.0

vendor:huaweimodel:prague-al00ascope: - version: -

Trust: 0.8

vendor:huaweimodel:prague-al00bscope: - version: -

Trust: 0.8

vendor:huaweimodel:prague-al00cscope: - version: -

Trust: 0.8

vendor:huaweimodel:prague-tl00ascope: - version: -

Trust: 0.8

vendor:huaweimodel:prague-tl10ascope: - version: -

Trust: 0.8

vendor:huaweimodel:glory youth edition <=prague-al00ac00b211scope:eqversion:8

Trust: 0.6

vendor:huaweimodel:glory youth version <=prague-al00bc00b211scope:eqversion:8

Trust: 0.6

vendor:huaweimodel:glory youth edition <=prague-al00cc00b211scope:eqversion:8

Trust: 0.6

vendor:huaweimodel:glory youth edition <=prague-tl00ac01b211scope:eqversion:8

Trust: 0.6

vendor:huaweimodel:glory youth edition <=prague-tl10ac01b211scope:eqversion:8

Trust: 0.6

sources: CNVD: CNVD-2018-06067 // JVNDB: JVNDB-2017-013017 // NVD: CVE-2017-15325

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-15325
value: HIGH

Trust: 1.0

NVD: CVE-2017-15325
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-06067
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201803-907
value: CRITICAL

Trust: 0.6

VULMON: CVE-2017-15325
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-15325
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-06067
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-15325
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-06067 // VULMON: CVE-2017-15325 // JVNDB: JVNDB-2017-013017 // CNNVD: CNNVD-201803-907 // NVD: CVE-2017-15325

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.8

sources: JVNDB: JVNDB-2017-013017 // NVD: CVE-2017-15325

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-907

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201803-907

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-013017

PATCH
title:huawei-sa-20180321-01-smartphoneurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180321-01-smartphone-en
Trust: 0.8
title:Huawei glory 8Bdat driver patch for integer overflow vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/122889
Trust: 0.6
title:Huawei glory 8 Youth version Bdat Fixes for driver digital error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79404
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-06067 // 
            
            
            
            JVNDB: JVNDB-2017-013017 // 
            
            
            
            CNNVD: CNNVD-201803-907

EXTERNAL IDS
db:NVDid:CVE-2017-15325
Trust: 3.1
db:JVNDBid:JVNDB-2017-013017
Trust: 0.8
db:CNVDid:CNVD-2018-06067
Trust: 0.6
db:CNNVDid:CNNVD-201803-907
Trust: 0.6
db:VULMONid:CVE-2017-15325
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-06067 // 
            
            
            
            VULMON: CVE-2017-15325 // 
            
            
            
            JVNDB: JVNDB-2017-013017 // 
            
            
            
            CNNVD: CNNVD-201803-907 // 
            
            
            
            NVD: CVE-2017-15325

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180321-01-smartphone-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15325
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-15325
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180321-01-smartphone-cn
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/190.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-06067 // 
            
            
            
            VULMON: CVE-2017-15325 // 
            
            
            
            JVNDB: JVNDB-2017-013017 // 
            
            
            
            CNNVD: CNNVD-201803-907 // 
            
            
            
            NVD: CVE-2017-15325

SOURCES
db:CNVDid:CNVD-2018-06067
db:VULMONid:CVE-2017-15325
db:JVNDBid:JVNDB-2017-013017
db:CNNVDid:CNNVD-201803-907
db:NVDid:CVE-2017-15325

LAST UPDATE DATE
2024-11-23T22:12:38.979000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-06067date:2018-03-22T00:00:00
db:VULMONid:CVE-2017-15325date:2018-04-19T00:00:00
db:JVNDBid:JVNDB-2017-013017date:2018-05-23T00:00:00
db:CNNVDid:CNNVD-201803-907date:2018-04-03T00:00:00
db:NVDid:CVE-2017-15325date:2024-11-21T03:14:28.067

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-06067date:2018-03-22T00:00:00
db:VULMONid:CVE-2017-15325date:2018-03-23T00:00:00
db:JVNDBid:JVNDB-2017-013017date:2018-05-23T00:00:00
db:CNNVDid:CNNVD-201803-907date:2018-03-26T00:00:00
db:NVDid:CVE-2017-15325date:2018-03-23T16:29:00.130