CVE-2017-17319

Huawei P9 smartphones with the versions before EVA-AL10C00B399SP02 have an information disclosure vulnerability. The software does not properly protect certain resource which can be accessed by multithreading. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in kernel information disclosure.

CVSS v3 5.5 MEDIUM
CVSS v2.0 7.1 HIGH

5.5^/10

CVSS v3 : MEDIUM

Vector : AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

7.1^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:N/A:N

Exploitability : 8.6 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180314-01-smartphone-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-03-20 15:29

Updated : 2024-02-04 19:46

NVD link : CVE-2017-17319

Mitre link : CVE-2017-17319

CVE.ORG link : CVE-2017-17319

JSON object : View

Products Affected

huawei

p9_firmware
p9

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2017-17319", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2018-03-20T15:29:00.407", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180314-01-smartphone-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Huawei P9 smartphones with the versions before EVA-AL10C00B399SP02 have an information disclosure vulnerability. The software does not properly protect certain resource which can be accessed by multithreading. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in kernel information disclosure."}, {"lang": "es", "value": "Los smartphones Huawei P9 con software en versiones anteriores a EVA-AL10C00B399SP02 tienen una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n. El software no protege correctamente ciertos recursos a los que se puede acceder mediante m\u00faltiples hilos. Un atacante enga\u00f1a al usuario con privilegios root para que instale una aplicaci\u00f3n maliciosa, por lo que la explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda desembocar en una divulgaci\u00f3n de informaci\u00f3n del kernel."}], "lastModified": "2018-04-13T16:31:44.833", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43B5EEC6-FEB2-4DDE-9B94-67FC7525BC20", "versionEndExcluding": "eva-al10c00b399sp02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}