CVE-2017-17140

Published: Mar 5, 2018Modified: Nov 21, 2024

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Huawei Enjoy 5s and Y6 Pro smartphones with software the versions before TAG-AL00C92B170; the versions before TIT-L01C576B121 have an information leak vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious application on the smart phone and the application can read some sensitive information in kernel memory which may cause sensitive information leak.

Affected (2)

Products: Huawei: Enjoy 5s Firmware, Y6 Pro Firmware

2 products

Enjoy 5s Firmware

Y6 Pro Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Enjoy 5s Firmware	Before tag-al00c92b170

Running on/with	Platform Versions
Huawei Enjoy 5s	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Y6 Pro Firmware	Before tit-l01c576b121

Running on/with	Platform Versions
Huawei Y6 Pro	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-02-smartphone-en

Source: psirt@huawei.com

Vendor Advisory

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-02-smartphone-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.