CVE-2017-8172

Опубликовано: 22 нояб. 2017

Источник: nvd

CVSS3: 5.5

CVSS2: 7.1

EPSS Низкий

Описание

Isub service in P10 Plus and P10 smart phones with earlier than VKY-AL00C00B157 versions and earlier than VTR-AL00C00B157 versions has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the application can send given parameter to specific interface, which make a out-of-bounds array access that results in smart phone restart.

Ссылки

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170628-01-isub-en
Vendor Advisory
http://www.securityfocus.com/bid/99370
Third Party Advisory
VDB Entry
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170628-01-isub-en
Vendor Advisory
http://www.securityfocus.com/bid/99370
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:huawei:p10_plus_firmware:*:*:*:*:*:*:*:*

Версия до vky-al00c00b157 (исключая)

cpe:2.3:h:huawei:p10_plus:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:huawei:p10_firmware:*:*:*:*:*:*:*:*

Версия до vtr-al00c00b157 (исключая)

cpe:2.3:h:huawei:p10:-:*:*:*:*:*:*:*

EPSS

Процентиль: 19%

0.00061

Низкий

5.5 Medium

CVSS3

7.1 High

CVSS2

Дефекты

CWE-129

Связанные уязвимости

GHSA-g8mq-wmf4-5mwp