CVE-2017-8207

Опубликовано: 22 нояб. 2017

Источник: nvd

CVSS3: 7.8

CVSS2: 9.3

EPSS Низкий

Описание

The driver of honor 5C, honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege of the Android system, the APP can send a specific parameter to the driver of the smart phone, causing a system reboot or arbitrary code execution.

Ссылки

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170801-01-smartphone-en
Issue Tracking
Vendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170801-01-smartphone-en
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:huawei:honor_5c_firmware:*:*:*:*:*:*:*:*

Версия до nem-al10c00b356 (исключая)

cpe:2.3:h:huawei:honor_5c:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:huawei:honor_6x_firmware:*:*:*:*:*:*:*:*

Версия до berlin-l21hnc432b360 (исключая)

cpe:2.3:h:huawei:honor_6x:-:*:*:*:*:*:*:*

EPSS

Процентиль: 39%

0.00177

Низкий

7.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-119

Связанные уязвимости

GHSA-qp8c-gx3x-c3rc