CVE-2017-17171

Published: Jun 1, 2018Modified: Nov 21, 2024

4.2

Vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

Exploitability: 0.6 / Impact: 3.6

Source: NVD

Description

Some Huawei smart phones have the denial of service (DoS) vulnerability due to the improper processing of malicious parameters. An attacker may trick a target user into installing a malicious APK and launch attacks using a pre-installed app with specific permissions. Successful exploit could allow the app to send specific parameters to the smart phone driver, which will result in system restart.

Affected (31)

Products: Huawei: Mate 8 Firmware, P9 Firmware, P9 Plus Firmware

3 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Mate 8 Firmware	Before nxt-al10c00b593

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Mate 8 Firmware	Before nxt-cl00c92b593

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Mate 8 Firmware	Before nxt-dl00c17b593

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Mate 8 Firmware	Before nxt-l09c636b598a

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Mate 8 Firmware	Before nxt-l09c185b583

Configuration F

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Mate 8 Firmware	Before nxt-l09c432b582

Configuration G

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Mate 8 Firmware	Before nxt-l09c605b585custc605d590

Configuration H

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Mate 8 Firmware	Before nxt-l29c10b583

Configuration I

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Mate 8 Firmware	Before nxt-l29c185b585

Configuration J

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Mate 8 Firmware	Before nxt-l29c636b594a

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Mate 8 Firmware	Before nxtl00c01b593

Running on/with	Platform Versions
Huawei Mate 8	All versions

Configuration L

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P9 Firmware	Before eva-al00c00b398

Configuration M

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P9 Firmware	Before eva-al10c00b398

Configuration N

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P9 Firmware	Before eva-cl00c92b398

Configuration O

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P9 Firmware	Before eva-dl00c17b398

Configuration P

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P9 Firmware	Before eva-l09c185b391

Configuration Q

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P9 Firmware	Before eva-l09c432b395

Configuration R

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P9 Firmware	Before eva-l09c464b383

Configuration S

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P9 Firmware	Before eva-l09c605b392

Configuration T

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P9 Firmware	Up to eva-l09c636b388

Configuration U

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P9 Firmware	Before eva-l19c10b394

Configuration V

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P9 Firmware	Before eva-l19c432b392

Configuration W

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P9 Firmware	Before eva-l19c605b390

Configuration X

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P9 Firmware	Before eva-l19c636b393

Configuration Y

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P9 Firmware	Before eva-l29c636b389

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei P9 Firmware	Before eva-tl00c01b398

Running on/with	Platform Versions
Huawei P9	All versions

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P9 Plus Firmware	Before vie-l09c318b182

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P9 Plus Firmware	Before vie-l09c432b380

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P9 Plus Firmware	Before vie-l09c576b180

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P9 Plus Firmware	Before vie-l29c605b370

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei P9 Plus Firmware	Before vie-l29c636b388

Running on/with	Platform Versions
Huawei P9 Plus	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (3)

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-smartphone

Source: psirt@huawei.com

Vendor Advisory

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-smartphone-en

Source: nvd@nist.gov

Vendor Advisory

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-smartphone

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.