CVE-2017-17201

Some huawei smartphones with software BTV-DL09C233B350, Berlin-L21HNC432B360, Berlin-L22HNC636B360, Berlin-L24HNC567B360, Berlin-L21C10B130, Berlin-L21C185B132, Berlin-L21C464B130, Berlin-L22C346B140, Berlin-L22C636B160, Berlin-L23C605B131, Berlin-L23DOMC109B160, MHA-AL00AC00B125 have a DoS vulnerability. Due to insufficient input validation, an attacker could trick a user to execute a malicious application, which could be exploited by attacker to launch DoS attacks.

CVSS v3 5.5 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180124-01-dos-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:btv-emui5.0_firmware:btv-dl09c233b350:*:*:*:*:*:*:*

cpe:2.3:h:huawei:btv-emui5.0:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:huawei:berlin-emui5.0_firmware:berlin-l21hnc432b360:::::::*
	cpe:2.3:o:huawei:berlin-emui5.0_firmware:berlin-l22hnc636b360:::::::*
	cpe:2.3:o:huawei:berlin-emui5.0_firmware:berlin-l24hnc567b360:::::::*

cpe:2.3:h:huawei:berlin-emui5.0:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:huawei:berlin-l21_firmware:berlin-l21c10b130:::::::*
	cpe:2.3:o:huawei:berlin-l21_firmware:berlin-l21c185b132:::::::*
	cpe:2.3:o:huawei:berlin-l21_firmware:berlin-l21c464b130:::::::*

cpe:2.3:h:huawei:berlin-l21:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:o:huawei:berlin-l22_firmware:berlin-l22c346b140:::::::*
	cpe:2.3:o:huawei:berlin-l22_firmware:berlin-l22c636b160:::::::*

cpe:2.3:h:huawei:berlin-l22:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

OR	cpe:2.3:o:huawei:berlin-l23_firmware:berlin-l23c605b131:::::::*
	cpe:2.3:o:huawei:berlin-l23_firmware:berlin-l23domc109b160:::::::*

cpe:2.3:h:huawei:berlin-l23:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:huawei:mha-al00a_firmware:mha-al00ac00b125:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mha-al00a:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-02-15 16:29

Updated : 2024-02-04 19:46

NVD link : CVE-2017-17201

Mitre link : CVE-2017-17201

CVE.ORG link : CVE-2017-17201

JSON object : View

Products Affected

huawei

btv-emui5.0_firmware
berlin-emui5.0_firmware
berlin-l21_firmware
btv-emui5.0
berlin-l21
berlin-l22_firmware
berlin-l22
berlin-l23
mha-al00a_firmware
berlin-l23_firmware
mha-al00a
berlin-emui5.0

CWE

CWE-20

Improper Input Validation

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2017-17201

5.5^/10

4.3^/10

Attach tags to `CVE-2017-17201`