CVE-2017-17201

Some huawei smartphones with software BTV-DL09C233B350, Berlin-L21HNC432B360, Berlin-L22HNC636B360, Berlin-L24HNC567B360, Berlin-L21C10B130, Berlin-L21C185B132, Berlin-L21C464B130, Berlin-L22C346B140, Berlin-L22C636B160, Berlin-L23C605B131, Berlin-L23DOMC109B160, MHA-AL00AC00B125 have a DoS vulnerability. Due to insufficient input validation, an attacker could trick a user to execute a malicious application, which could be exploited by attacker to launch DoS attacks.

CVSS v3 5.5 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180124-01-dos-en	Vendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180124-01-dos-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:btv-emui5.0_firmware:btv-dl09c233b350:*:*:*:*:*:*:*

cpe:2.3:h:huawei:btv-emui5.0:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:huawei:berlin-emui5.0_firmware:berlin-l21hnc432b360:::::::*
	cpe:2.3:o:huawei:berlin-emui5.0_firmware:berlin-l22hnc636b360:::::::*
	cpe:2.3:o:huawei:berlin-emui5.0_firmware:berlin-l24hnc567b360:::::::*

cpe:2.3:h:huawei:berlin-emui5.0:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:huawei:berlin-l21_firmware:berlin-l21c10b130:::::::*
	cpe:2.3:o:huawei:berlin-l21_firmware:berlin-l21c185b132:::::::*
	cpe:2.3:o:huawei:berlin-l21_firmware:berlin-l21c464b130:::::::*

cpe:2.3:h:huawei:berlin-l21:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:o:huawei:berlin-l22_firmware:berlin-l22c346b140:::::::*
	cpe:2.3:o:huawei:berlin-l22_firmware:berlin-l22c636b160:::::::*

cpe:2.3:h:huawei:berlin-l22:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

OR	cpe:2.3:o:huawei:berlin-l23_firmware:berlin-l23c605b131:::::::*
	cpe:2.3:o:huawei:berlin-l23_firmware:berlin-l23domc109b160:::::::*

cpe:2.3:h:huawei:berlin-l23:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:huawei:mha-al00a_firmware:mha-al00ac00b125:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mha-al00a:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:17

Type	Values Removed	Values Added
References	~~() http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180124-01-dos-en - Vendor Advisory~~	() http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180124-01-dos-en - Vendor Advisory

Information

Published : 2018-02-15 16:29

Updated : 2024-11-21 03:17

NVD link : CVE-2017-17201

Mitre link : CVE-2017-17201

CVE.ORG link : CVE-2017-17201

JSON object : View

Products Affected

huawei

berlin-l22_firmware
berlin-emui5.0
berlin-l22
mha-al00a
berlin-l21
berlin-l23_firmware
berlin-emui5.0_firmware
btv-emui5.0_firmware
berlin-l23
berlin-l21_firmware
btv-emui5.0
mha-al00a_firmware

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2017-17201", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2018-02-15T16:29:02.627", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180124-01-dos-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}, {"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180124-01-dos-en", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Some huawei smartphones with software BTV-DL09C233B350, Berlin-L21HNC432B360, Berlin-L22HNC636B360, Berlin-L24HNC567B360, Berlin-L21C10B130, Berlin-L21C185B132, Berlin-L21C464B130, Berlin-L22C346B140, Berlin-L22C636B160, Berlin-L23C605B131, Berlin-L23DOMC109B160, MHA-AL00AC00B125 have a DoS vulnerability. Due to insufficient input validation, an attacker could trick a user to execute a malicious application, which could be exploited by attacker to launch DoS attacks."}, {"lang": "es", "value": "Algunos smartphones Huawei con software BTV-DL09C233B350, Berlin-L21HNC432B360, Berlin-L22HNC636B360, Berlin-L24HNC567B360, Berlin-L21C10B130, Berlin-L21C185B132, Berlin-L21C464B130, Berlin-L22C346B140, Berlin-L22C636B160, Berlin-L23C605B131, Berlin-L23DOMC109B160 y MHA-AL00AC00B125 tienen una vulnerabilidad de DoS. Dada la validaci\u00f3n insuficiente de entradas, un atacante podr\u00eda enga\u00f1ar a un usuario para que ejecute una aplicaci\u00f3n maliciosa, que podr\u00eda ser aprovechada para iniciar ataques de denegaci\u00f3n de servicio."}], "lastModified": "2024-11-21T03:17:40.330", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:btv-emui5.0_firmware:btv-dl09c233b350:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5562C702-A701-4D63-B3B0-82864E6925BD"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:btv-emui5.0:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B690891F-C103-4FF1-BDF2-963B16707719"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:berlin-emui5.0_firmware:berlin-l21hnc432b360:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "921A5DE3-FDFA-4EF9-9533-BEA5241EA61B"}, {"criteria": "cpe:2.3:o:huawei:berlin-emui5.0_firmware:berlin-l22hnc636b360:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1EF4C520-4467-435C-9BA2-90BF15935027"}, {"criteria": "cpe:2.3:o:huawei:berlin-emui5.0_firmware:berlin-l24hnc567b360:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B57B48B-4F7F-442B-813D-0521E558DCB6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:berlin-emui5.0:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "387CFA7F-8E93-4D3F-84CF-1810BA0E6043"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:berlin-l21_firmware:berlin-l21c10b130:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D190578-F8E6-42A0-81B4-C33AC051370D"}, {"criteria": "cpe:2.3:o:huawei:berlin-l21_firmware:berlin-l21c185b132:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8E4D965-4133-4EF2-80FA-0F3A8D3FBD55"}, {"criteria": "cpe:2.3:o:huawei:berlin-l21_firmware:berlin-l21c464b130:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D73F0353-83BA-4401-A451-473FD4900206"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:berlin-l21:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C723516F-04EB-48E5-9057-7FB1DACB5D28"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:berlin-l22_firmware:berlin-l22c346b140:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3639B382-6447-4324-B692-3A214F8DE4C4"}, {"criteria": "cpe:2.3:o:huawei:berlin-l22_firmware:berlin-l22c636b160:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD33173D-04F8-42B5-845A-649BE0BC1FE1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:berlin-l22:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8A1D3863-B8D9-4D1B-BA06-C88E65FFF74F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:berlin-l23_firmware:berlin-l23c605b131:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D149B33F-FDEE-40C6-BC7E-463F53A443F7"}, {"criteria": "cpe:2.3:o:huawei:berlin-l23_firmware:berlin-l23domc109b160:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FEDF1D0-E543-4B80-9781-150ABD93E534"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:berlin-l23:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1EA727F8-6B56-43B2-A7A1-D143CB966244"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mha-al00a_firmware:mha-al00ac00b125:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D6E9E44-6FFA-481E-8CDE-E8F13A7D6D37"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mha-al00a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "987F6D9F-B6FB-4A78-A4A1-9B37424D73A8"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2017-17201

5.5^/10

4.3^/10

Attach tags to `CVE-2017-17201`