FKIE_CVE-2017-17158

Vulnerability from fkie_nvd - Published: 2018-05-24 14:29 - Updated: 2024-11-21 03:17
Severity ?
4.6 (Medium) - CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before Prague-TL00AC01B223 have an information exposure vulnerability. When the user's smart phone connects to the malicious device for charging, an unauthenticated attacker may activate some specific function by sending some specially crafted messages. Due to insufficient input validation of the messages, successful exploit may cause information exposure.
References
psirt@huawei.comhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-phone-enVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-phone-enVendor Advisory
Impacted products
Vendor Product Version
huawei berlin-l21hn_firmware *
huawei berlin-l21hn -
huawei prague-al00a_firmware *
huawei prague-al00a -
huawei prague-al00b_firmware *
huawei prague-al00b -
huawei prague-al00c_firmware *
huawei prague-al00c -
huawei prague-l31_firmware *
huawei prague-l31 -
huawei prague-tl00a_firmware *
huawei prague-tl00a -
huawei prague-tl10a_firmware *
huawei prague-tl10a -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:berlin-l21hn_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "46D34421-0B1F-4A24-9273-3802413E9BD9",
              "versionEndExcluding": "l21hnc185b381",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:berlin-l21hn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2E8FDB9-B279-4D37-BBC3-9625AB5E42DF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:prague-al00a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "98401C63-6798-462D-9544-30D8ADB5C138",
              "versionEndExcluding": "al00ac00b223",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:prague-al00a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "04E54AE0-CB98-47D2-AF52-516EADEF1F5D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:prague-al00b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "50902B2C-18B2-410C-BFB8-C34EA09485B3",
              "versionEndExcluding": "al00bc00b223",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:prague-al00b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA3C5A77-355C-4797-8B3F-706C9A7C2F1C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:prague-al00c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1690FC62-A1FB-4CC4-B05E-8F8B16BA8223",
              "versionEndExcluding": "al00cc00b223",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:prague-al00c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "05BB6D0A-0545-456D-85CC-9A302BAC9A0E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:prague-l31_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A9FD8DD-17CE-4B28-98E3-8EE844B4C620",
              "versionEndExcluding": "l31c432b208",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:prague-l31:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C9121DA-1ADB-41AE-A2D4-2AFF7729A16A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:prague-tl00a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A010E681-A33A-46D9-9A2E-E91E4A90BD7E",
              "versionEndExcluding": "tl00ac01b223",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:prague-tl00a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "338F548C-DA7E-4EA4-9D54-7DDF1D5F99B4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:prague-tl10a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1A9B72A-9B0E-491C-BE2B-EB4EAEA0D9CE",
              "versionEndExcluding": "tl00ac01b223",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:prague-tl10a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F248688D-F679-42E9-BAA4-34187D5EC5F0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before Prague-TL00AC01B223 have an information exposure vulnerability. When the user\u0027s smart phone connects to the malicious device for charging, an unauthenticated attacker may activate some specific function by sending some specially crafted messages. Due to insufficient input validation of the messages, successful exploit may cause information exposure."
    },
    {
      "lang": "es",
      "value": "Algunos smartphones Huawei en versiones anteriores a Berlin-L21HNC185B381, Prague-AL00AC00B223, Prague-AL00BC00B223, Prague-AL00CC00B223, Prague-L31C432B208, Prague-TL00AC01B223 y Prague-TL00AC01B223 tienen una vulnerabilidad de exposici\u00f3n de informaci\u00f3n. Cuando el smartphone del usuario se conecta al dispositivo malicioso para cargarlo, un atacante no autenticado podr\u00eda activar algunas funciones espec\u00edficas mediante el env\u00edo de algunos mensajes especialmente manipulados. Dada la validaci\u00f3n de entradas insuficiente de los mensajes, la explotaci\u00f3n con \u00e9xito podr\u00eda provocar una exposici\u00f3n de informaci\u00f3n."
    }
  ],
  "id": "CVE-2017-17158",
  "lastModified": "2024-11-21T03:17:36.397",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-05-24T14:29:00.250",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-phone-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-phone-en"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.