CVE-2017-17159

{"id": "CVE-2017-17159", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.1, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2018-02-15T16:29:01.970", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-smartphone-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Some Huawei smart phones with software of NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01, NTS-AL00C00B535 have a DoS vulnerability due to insufficient input validation. An unauthenticated attacker could send malformed System Information(SI) messages to the smart phone within radio range by special wireless device. Successful exploit could make the smart phone restart."}, {"lang": "es", "value": "Algunos smartphones Huawei con software NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01 y NTS-AL00C00B535 tienen una vulnerabilidad de denegaci\u00f3n de servicio (DoS) debido a una validaci\u00f3n de entradas insuficiente. Un atacante no autenticado podr\u00eda enviar mensajes SI (System Information) a los smartphones en el rango de radio por medio de un dispositivo inal\u00e1mbrico especial. La explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar el reinicio del smartphone.</"}], "lastModified": "2018-03-14T18:13:03.103", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mt8-emui4.1_firmware:nxt-al10c00b386:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62CAA661-6E9F-41AE-90E4-A6A7A8020B7C"}, {"criteria": "cpe:2.3:o:huawei:mt8-emui4.1_firmware:nxt-cl00c92b386:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C62251E4-B231-475C-A05D-C313FC903F98"}, {"criteria": "cpe:2.3:o:huawei:mt8-emui4.1_firmware:nxt-dl00c17b386:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BAB4BA7-E393-4393-84F5-A17096D98A39"}, {"criteria": "cpe:2.3:o:huawei:mt8-emui4.1_firmware:nxt-tl00c01b386sp01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA8972C3-53D2-413B-A1E3-E1EA92CAED2E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mt8-emui4.1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3CAACD61-C2A8-4C6B-BABF-503B732D7ACB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:nts-al00_firmware:nts-al00c00b535:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A67583F-687E-4F3F-9B34-9016C68985DA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:nts-al00:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "57B9A942-4791-4B65-9EB7-8E52F6C3A25A"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}