CVE-2017-2717

honor 8 Pro with software Duke-L09C10B120 and earlier versions,Duke-L09C432B120 and earlier versions,Duke-L09C636B120 and earlier versions has an integer overflow vulnerability. The attacker sends a response message to the device, which contains an illegal length field, it could produce an integer overflow and restart the modem system.

CVSS v3 6.5 MEDIUM
CVSS v2.0 3.3 LOW

6.5^/10

CVSS v3 : MEDIUM

Vector : AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

3.3^/10

CVSS v2.0 : LOW

Vector : AV:A/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 6.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170816-01-nas-en	Vendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170816-01-nas-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:honor_8_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:honor_8_pro:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:huawei:honor_8_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:honor_8_pro:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:huawei:honor_8_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:honor_8_pro:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:24

Type	Values Removed	Values Added
References	~~() http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170816-01-nas-en - Vendor Advisory~~	() http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170816-01-nas-en - Vendor Advisory

Information

Published : 2017-11-22 19:29

Updated : 2025-04-20 01:37

NVD link : CVE-2017-2717

Mitre link : CVE-2017-2717

CVE.ORG link : CVE-2017-2717

JSON object : View

Products Affected

huawei

honor_8_pro
honor_8_pro_firmware

CWE

CWE-190

Integer Overflow or Wraparound

{"id": "CVE-2017-2717", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2017-11-22T19:29:01.223", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170816-01-nas-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}, {"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170816-01-nas-en", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "honor 8 Pro with software Duke-L09C10B120 and earlier versions,Duke-L09C432B120 and earlier versions,Duke-L09C636B120 and earlier versions has an integer overflow vulnerability. The attacker sends a response message to the device, which contains an illegal length field, it could produce an integer overflow and restart the modem system."}, {"lang": "es", "value": "Honor 8 Pro con software Duke-L09C10B120 y anteriores, Duke-L09C432B120 y anteriores y Duke-L09C636B120 y anteriores tiene una vulnerabilidad de desbordamiento de enteros. El atacante env\u00eda un mensaje de respuesta al dispositivo, que contiene un campo length ilegal. Esto podr\u00eda provocar un desbordamiento de enteros y reiniciar el sistema de m\u00f3dem."}], "lastModified": "2025-04-20T01:37:25.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:honor_8_pro_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8F0EC61-EEE3-4F09-8715-90E7E3DA92EF", "versionEndIncluding": "duke-l09c10b120"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:honor_8_pro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "77FAD273-D46F-43B9-AC4E-BA1B61F16078"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:honor_8_pro_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F99BBD3-84D9-4907-8DAD-A7546C37A2A9", "versionEndIncluding": "duke-l09c432b120"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:honor_8_pro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "77FAD273-D46F-43B9-AC4E-BA1B61F16078"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:honor_8_pro_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FE35DDA-303B-4CAE-93F9-F50AA159EA5B", "versionEndIncluding": "duke-l09c636b120"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:honor_8_pro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "77FAD273-D46F-43B9-AC4E-BA1B61F16078"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}