VAR-201803-0205
Vulnerability from variot - Updated: 2024-11-23 21:53Huawei smartphones with software of MHA-AL00AC00B125 have an improper resource management vulnerability. The software does not properly manage the resource when do device register operation. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could cause certain service unavailable. HuaweiMHA-AL00A is a smartphone product from China's Huawei company. A resource management error vulnerability exists in the HuaweiMHA-AL00AMHA-AL00AC00B125 version, which is caused by the system failing to properly lock resources when processing a registration operation. Huawei Smart Phones are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Huawei MHA-AL00A is a smart phone product of China Huawei (Huawei)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-0205",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mha-al00a",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "mha-al00ac00b125"
},
{
"model": "mha-al00a mha-al00ac00b125",
"scope": null,
"trust": 0.9,
"vendor": "huawei",
"version": null
},
{
"model": "mha-al00a",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "mha-al00a mha-al00bc00b231",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38098"
},
{
"db": "BID",
"id": "103418"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012886"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-877"
},
{
"db": "NVD",
"id": "CVE-2017-17327"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:mha-al00a_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012886"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "He Yao of Baidu X-Lab",
"sources": [
{
"db": "BID",
"id": "103418"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-877"
}
],
"trust": 0.9
},
"cve": "CVE-2017-17327",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2017-17327",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-38098",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-108338",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2017-17327",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-17327",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-17327",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-38098",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-877",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-108338",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38098"
},
{
"db": "VULHUB",
"id": "VHN-108338"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012886"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-877"
},
{
"db": "NVD",
"id": "CVE-2017-17327"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei smartphones with software of MHA-AL00AC00B125 have an improper resource management vulnerability. The software does not properly manage the resource when do device register operation. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could cause certain service unavailable. HuaweiMHA-AL00A is a smartphone product from China\u0027s Huawei company. A resource management error vulnerability exists in the HuaweiMHA-AL00AMHA-AL00AC00B125 version, which is caused by the system failing to properly lock resources when processing a registration operation. Huawei Smart Phones are prone to a remote denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition. Huawei MHA-AL00A is a smart phone product of China Huawei (Huawei)",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17327"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012886"
},
{
"db": "CNVD",
"id": "CNVD-2017-38098"
},
{
"db": "BID",
"id": "103418"
},
{
"db": "VULHUB",
"id": "VHN-108338"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-17327",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012886",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201712-877",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-38098",
"trust": 0.6
},
{
"db": "BID",
"id": "103418",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-108338",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38098"
},
{
"db": "VULHUB",
"id": "VHN-108338"
},
{
"db": "BID",
"id": "103418"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012886"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-877"
},
{
"db": "NVD",
"id": "CVE-2017-17327"
}
]
},
"id": "VAR-201803-0205",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38098"
},
{
"db": "VULHUB",
"id": "VHN-108338"
}
],
"trust": 1.31764705
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38098"
}
]
},
"last_update_date": "2024-11-23T21:53:20.983000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory - Improper Resource Management Vulnerability on Huawei Smartphones",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-03-smartphone-en"
},
{
"title": "HuaweiMHA-AL00A resource management error vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/111711"
},
{
"title": "Huawei MHA-AL00A Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77326"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38098"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012886"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-877"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-399",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108338"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012886"
},
{
"db": "NVD",
"id": "CVE-2017-17327"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-03-smartphone-en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17327"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17327"
},
{
"trust": 0.6,
"url": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171220-03-smartphone-cn"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38098"
},
{
"db": "VULHUB",
"id": "VHN-108338"
},
{
"db": "BID",
"id": "103418"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012886"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-877"
},
{
"db": "NVD",
"id": "CVE-2017-17327"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-38098"
},
{
"db": "VULHUB",
"id": "VHN-108338"
},
{
"db": "BID",
"id": "103418"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012886"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-877"
},
{
"db": "NVD",
"id": "CVE-2017-17327"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-38098"
},
{
"date": "2018-03-09T00:00:00",
"db": "VULHUB",
"id": "VHN-108338"
},
{
"date": "2017-12-20T00:00:00",
"db": "BID",
"id": "103418"
},
{
"date": "2018-04-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012886"
},
{
"date": "2017-12-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-877"
},
{
"date": "2018-03-09T17:29:02.190000",
"db": "NVD",
"id": "CVE-2017-17327"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-38098"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-108338"
},
{
"date": "2017-12-20T00:00:00",
"db": "BID",
"id": "103418"
},
{
"date": "2018-04-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012886"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-877"
},
{
"date": "2024-11-21T03:17:50.680000",
"db": "NVD",
"id": "CVE-2017-17327"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-877"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei MHA-AL00A Resource Management Error Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38098"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-877"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-877"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…