CVE-2017-17172

Опубликовано: 14 июн. 2018

Источник: nvd

CVSS3: 7.3

CVSS2: 4.4

EPSS Низкий

Описание

Huawei smart phones LYO-L21 with software LYO-L21C479B107, LYO-L21C479B107 have a privilege escalation vulnerability. An authenticated, local attacker can crafts malformed packets after tricking a user to install a malicious application and exploit this vulnerability when in the exception handling process. Successful exploitation may cause the attacker to obtain a higher privilege of the smart phones.

Ссылки

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180613-01-smartphone-en
Vendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180613-01-smartphone-en
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:h:huawei:lyo-l21:*:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:huawei:lyo-l21_firmware:lyo-l21c479b107:*:*:*:*:*:*:*

cpe:2.3:o:huawei:lyo-l21_firmware:lyo-l21c577b126:*:*:*:*:*:*:*

EPSS

Процентиль: 6%

0.00024

Низкий

7.3 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-755

Связанные уязвимости

GHSA-77mv-hm7r-pr35