FKIE_CVE-2017-17159

Vulnerability from fkie_nvd - Published: 2018-02-15 16:29 - Updated: 2024-11-21 03:17
Severity
6.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Some Huawei smart phones with software of NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01, NTS-AL00C00B535 have a DoS vulnerability due to insufficient input validation. An unauthenticated attacker could send malformed System Information(SI) messages to the smart phone within radio range by special wireless device. Successful exploit could make the smart phone restart.
References
psirt@huawei.comhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-smartphone-enVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-smartphone-enVendor Advisory
Impacted products
Vendor Product Version
huawei mt8-emui4.1_firmware nxt-al10c00b386
huawei mt8-emui4.1_firmware nxt-cl00c92b386
huawei mt8-emui4.1_firmware nxt-dl00c17b386
huawei mt8-emui4.1_firmware nxt-tl00c01b386sp01
huawei mt8-emui4.1 -
huawei nts-al00_firmware nts-al00c00b535
huawei nts-al00 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:mt8-emui4.1_firmware:nxt-al10c00b386:*:*:*:*:*:*:*",
              "matchCriteriaId": "62CAA661-6E9F-41AE-90E4-A6A7A8020B7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:mt8-emui4.1_firmware:nxt-cl00c92b386:*:*:*:*:*:*:*",
              "matchCriteriaId": "C62251E4-B231-475C-A05D-C313FC903F98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:mt8-emui4.1_firmware:nxt-dl00c17b386:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BAB4BA7-E393-4393-84F5-A17096D98A39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:mt8-emui4.1_firmware:nxt-tl00c01b386sp01:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8972C3-53D2-413B-A1E3-E1EA92CAED2E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:mt8-emui4.1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CAACD61-C2A8-4C6B-BABF-503B732D7ACB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:nts-al00_firmware:nts-al00c00b535:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A67583F-687E-4F3F-9B34-9016C68985DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:nts-al00:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B9A942-4791-4B65-9EB7-8E52F6C3A25A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Some Huawei smart phones with software of NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01, NTS-AL00C00B535 have a DoS vulnerability due to insufficient input validation. An unauthenticated attacker could send malformed System Information(SI) messages to the smart phone within radio range by special wireless device. Successful exploit could make the smart phone restart."
    },
    {
      "lang": "es",
      "value": "Algunos smartphones Huawei con software NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01 y NTS-AL00C00B535 tienen una vulnerabilidad de denegaci\u00f3n de servicio (DoS) debido a una validaci\u00f3n de entradas insuficiente. Un atacante no autenticado podr\u00eda enviar mensajes SI (System Information) a los smartphones en el rango de radio por medio de un dispositivo inal\u00e1mbrico especial. La explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar el reinicio del smartphone.\u003c/"
    }
  ],
  "id": "CVE-2017-17159",
  "lastModified": "2024-11-21T03:17:36.523",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-02-15T16:29:01.970",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-smartphone-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-smartphone-en"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.