CVE-2017-17158

{"id": "CVE-2017-17158", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.9}]}, "published": "2018-05-24T14:29:00.250", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-phone-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before Prague-TL00AC01B223 have an information exposure vulnerability. When the user's smart phone connects to the malicious device for charging, an unauthenticated attacker may activate some specific function by sending some specially crafted messages. Due to insufficient input validation of the messages, successful exploit may cause information exposure."}, {"lang": "es", "value": "Algunos smartphones Huawei en versiones anteriores a Berlin-L21HNC185B381, Prague-AL00AC00B223, Prague-AL00BC00B223, Prague-AL00CC00B223, Prague-L31C432B208, Prague-TL00AC01B223 y Prague-TL00AC01B223 tienen una vulnerabilidad de exposici\u00f3n de informaci\u00f3n. Cuando el smartphone del usuario se conecta al dispositivo malicioso para cargarlo, un atacante no autenticado podr\u00eda activar algunas funciones espec\u00edficas mediante el env\u00edo de algunos mensajes especialmente manipulados. Dada la validaci\u00f3n de entradas insuficiente de los mensajes, la explotaci\u00f3n con \u00e9xito podr\u00eda provocar una exposici\u00f3n de informaci\u00f3n."}], "lastModified": "2018-06-26T18:36:14.887", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:berlin-l21hn_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46D34421-0B1F-4A24-9273-3802413E9BD9", "versionEndExcluding": "l21hnc185b381"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:berlin-l21hn:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E2E8FDB9-B279-4D37-BBC3-9625AB5E42DF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:prague-al00a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98401C63-6798-462D-9544-30D8ADB5C138", "versionEndExcluding": "al00ac00b223"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:prague-al00a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "04E54AE0-CB98-47D2-AF52-516EADEF1F5D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:prague-al00b_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50902B2C-18B2-410C-BFB8-C34EA09485B3", "versionEndExcluding": "al00bc00b223"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:prague-al00b:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DA3C5A77-355C-4797-8B3F-706C9A7C2F1C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:prague-al00c_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1690FC62-A1FB-4CC4-B05E-8F8B16BA8223", "versionEndExcluding": "al00cc00b223"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:prague-al00c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "05BB6D0A-0545-456D-85CC-9A302BAC9A0E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:prague-l31_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A9FD8DD-17CE-4B28-98E3-8EE844B4C620", "versionEndExcluding": "l31c432b208"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:prague-l31:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1C9121DA-1ADB-41AE-A2D4-2AFF7729A16A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:prague-tl00a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A010E681-A33A-46D9-9A2E-E91E4A90BD7E", "versionEndExcluding": "tl00ac01b223"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:prague-tl00a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "338F548C-DA7E-4EA4-9D54-7DDF1D5F99B4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:prague-tl10a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1A9B72A-9B0E-491C-BE2B-EB4EAEA0D9CE", "versionEndExcluding": "tl00ac01b223"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:prague-tl10a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F248688D-F679-42E9-BAA4-34187D5EC5F0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}