CVE-2017-17158 (GCVE-0-2017-17158)

Vulnerability from cvelistv5 – Published: 2018-05-24 14:00 – Updated: 2024-08-05 20:43
VLAI?
Summary
Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before Prague-TL00AC01B223 have an information exposure vulnerability. When the user's smart phone connects to the malicious device for charging, an unauthenticated attacker may activate some specific function by sending some specially crafted messages. Due to insufficient input validation of the messages, successful exploit may cause information exposure.
Severity ?
No CVSS data available.
CWE
  • information exposure
Assigner
References
Impacted products
Vendor Product Version
Huawei Technologies Co., Ltd. Berlin-L21HN; Prague-AL00A; Prague-AL00B; Prague-AL00C; Prague-L31; Prague-TL00A; Prague-TL10A Affected: The versions before Berlin-L21HNC185B381
Affected: The versions before Prague-AL00AC00B223
Affected: The versions before Prague-AL00BC00B223
Affected: The versions before Prague-AL00CC00B223
Affected: The versions before Prague-L31C432B208
Affected: The versions before Prague-TL00AC01B223
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:43:59.933Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-phone-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Berlin-L21HN; Prague-AL00A; Prague-AL00B; Prague-AL00C; Prague-L31; Prague-TL00A; Prague-TL10A",
          "vendor": "Huawei Technologies Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "The versions before Berlin-L21HNC185B381"
            },
            {
              "status": "affected",
              "version": "The versions before Prague-AL00AC00B223"
            },
            {
              "status": "affected",
              "version": "The versions before Prague-AL00BC00B223"
            },
            {
              "status": "affected",
              "version": "The versions before Prague-AL00CC00B223"
            },
            {
              "status": "affected",
              "version": "The versions before Prague-L31C432B208"
            },
            {
              "status": "affected",
              "version": "The versions before Prague-TL00AC01B223"
            }
          ]
        }
      ],
      "datePublic": "2018-05-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before Prague-TL00AC01B223 have an information exposure vulnerability. When the user\u0027s smart phone connects to the malicious device for charging, an unauthenticated attacker may activate some specific function by sending some specially crafted messages. Due to insufficient input validation of the messages, successful exploit may cause information exposure."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "information exposure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-24T13:57:01",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-phone-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2017-17158",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Berlin-L21HN; Prague-AL00A; Prague-AL00B; Prague-AL00C; Prague-L31; Prague-TL00A; Prague-TL10A",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "The versions before Berlin-L21HNC185B381"
                          },
                          {
                            "version_value": "The versions before Prague-AL00AC00B223"
                          },
                          {
                            "version_value": "The versions before Prague-AL00BC00B223"
                          },
                          {
                            "version_value": "The versions before Prague-AL00CC00B223"
                          },
                          {
                            "version_value": "The versions before Prague-L31C432B208"
                          },
                          {
                            "version_value": "The versions before Prague-TL00AC01B223"
                          },
                          {
                            "version_value": "The versions before Prague-TL00AC01B223"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Huawei Technologies Co., Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before Prague-TL00AC01B223 have an information exposure vulnerability. When the user\u0027s smart phone connects to the malicious device for charging, an unauthenticated attacker may activate some specific function by sending some specially crafted messages. Due to insufficient input validation of the messages, successful exploit may cause information exposure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "information exposure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-phone-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-phone-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2017-17158",
    "datePublished": "2018-05-24T14:00:00",
    "dateReserved": "2017-12-04T00:00:00",
    "dateUpdated": "2024-08-05T20:43:59.933Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-17158\",\"sourceIdentifier\":\"psirt@huawei.com\",\"published\":\"2018-05-24T14:29:00.250\",\"lastModified\":\"2024-11-21T03:17:36.397\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before Prague-TL00AC01B223 have an information exposure vulnerability. When the user\u0027s smart phone connects to the malicious device for charging, an unauthenticated attacker may activate some specific function by sending some specially crafted messages. Due to insufficient input validation of the messages, successful exploit may cause information exposure.\"},{\"lang\":\"es\",\"value\":\"Algunos smartphones Huawei en versiones anteriores a Berlin-L21HNC185B381, Prague-AL00AC00B223, Prague-AL00BC00B223, Prague-AL00CC00B223, Prague-L31C432B208, Prague-TL00AC01B223 y Prague-TL00AC01B223 tienen una vulnerabilidad de exposici\u00f3n de informaci\u00f3n. Cuando el smartphone del usuario se conecta al dispositivo malicioso para cargarlo, un atacante no autenticado podr\u00eda activar algunas funciones espec\u00edficas mediante el env\u00edo de algunos mensajes especialmente manipulados. Dada la validaci\u00f3n de entradas insuficiente de los mensajes, la explotaci\u00f3n con \u00e9xito podr\u00eda provocar una exposici\u00f3n de informaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:berlin-l21hn_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"l21hnc185b381\",\"matchCriteriaId\":\"46D34421-0B1F-4A24-9273-3802413E9BD9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:berlin-l21hn:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2E8FDB9-B279-4D37-BBC3-9625AB5E42DF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:prague-al00a_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"al00ac00b223\",\"matchCriteriaId\":\"98401C63-6798-462D-9544-30D8ADB5C138\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:prague-al00a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04E54AE0-CB98-47D2-AF52-516EADEF1F5D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:prague-al00b_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"al00bc00b223\",\"matchCriteriaId\":\"50902B2C-18B2-410C-BFB8-C34EA09485B3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:prague-al00b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA3C5A77-355C-4797-8B3F-706C9A7C2F1C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:prague-al00c_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"al00cc00b223\",\"matchCriteriaId\":\"1690FC62-A1FB-4CC4-B05E-8F8B16BA8223\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:prague-al00c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05BB6D0A-0545-456D-85CC-9A302BAC9A0E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:prague-l31_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"l31c432b208\",\"matchCriteriaId\":\"2A9FD8DD-17CE-4B28-98E3-8EE844B4C620\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:prague-l31:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C9121DA-1ADB-41AE-A2D4-2AFF7729A16A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:prague-tl00a_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"tl00ac01b223\",\"matchCriteriaId\":\"A010E681-A33A-46D9-9A2E-E91E4A90BD7E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:prague-tl00a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"338F548C-DA7E-4EA4-9D54-7DDF1D5F99B4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:prague-tl10a_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"tl00ac01b223\",\"matchCriteriaId\":\"E1A9B72A-9B0E-491C-BE2B-EB4EAEA0D9CE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:prague-tl10a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F248688D-F679-42E9-BAA4-34187D5EC5F0\"}]}]}],\"references\":[{\"url\":\"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-phone-en\",\"source\":\"psirt@huawei.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-phone-en\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.