CVE-2017-2713

HUAWEI P9 smartphones with software versions earlier before EVA-L09C432B383, versions earlier before EVA-L09C636B380, versions earlier before VIE-L09C432B370, versions earlier before VIE-L29C636B370 have an insufficient input validation vulnerability. An attacker could exploit this vulnerability to tamper with air interface signaling messages and obtain some communication information.

CVSS v3 5.4 MEDIUM
CVSS v2.0 4.8 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector : AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Exploitability : 2.8 / Impact : 2.5

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

4.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:A/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 6.5 / Impact : 4.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-01-smartphone-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-11-22 19:29

Updated : 2024-02-04 19:29

NVD link : CVE-2017-2713

Mitre link : CVE-2017-2713

CVE.ORG link : CVE-2017-2713

JSON object : View

Products Affected

huawei

p9_firmware
p9

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2017-2713", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.8, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2017-11-22T19:29:01.053", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-01-smartphone-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "HUAWEI P9 smartphones with software versions earlier before EVA-L09C432B383, versions earlier before EVA-L09C636B380, versions earlier before VIE-L09C432B370, versions earlier before VIE-L29C636B370 have an insufficient input validation vulnerability. An attacker could exploit this vulnerability to tamper with air interface signaling messages and obtain some communication information."}, {"lang": "es", "value": "Los smartphones Huawei P9 con versiones de software anteriores a la EVA-AL00C00B365, anteriores a la EVA-L09C636B380, anteriores a la VIE-L09C432B370 y versiones anteriores a la VIE-L29C636B370 tienen una vulnerabilidad de validaci\u00f3n de entradas insuficiente. Un atacante podr\u00eda explotar esta vulnerabilidad para alterar los mensajes de se\u00f1alizaci\u00f3n de interfaz a\u00e9rea y obtener informaci\u00f3n de comunicaci\u00f3n."}], "lastModified": "2017-12-12T18:04:21.240", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B03331B-9950-4E4E-AEE9-410A240DAA04", "versionEndExcluding": "eva-l09c432b383"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19035021-5B60-4150-843C-B0CB8A565FAE", "versionEndExcluding": "eva-l09c636b380"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8008681F-6BEA-4342-9542-CC2800AE624A", "versionEndExcluding": "vie-l09c432b370"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C95F01C4-248E-42FB-98F1-2547C088617D", "versionEndExcluding": "vie-l29c636b370"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}