4.6
CVE-2017-17158
- EPSS 0.03%
- Veröffentlicht 24.05.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:17:36
- Quelle psirt@huawei.com
- Teams Watchlist Login
- Unerledigt Login
Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before Prague-TL00AC01B223 have an information exposure vulnerability. When the user's smart phone connects to the malicious device for charging, an unauthenticated attacker may activate some specific function by sending some specially crafted messages. Due to insufficient input validation of the messages, successful exploit may cause information exposure.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Huawei ≫ Berlin-l21hn Firmware Version < l21hnc185b381
Huawei ≫ Prague-al00a Firmware Version < al00ac00b223
Huawei ≫ Prague-al00b Firmware Version < al00bc00b223
Huawei ≫ Prague-al00c Firmware Version < al00cc00b223
Huawei ≫ Prague-l31 Firmware Version < l31c432b208
Huawei ≫ Prague-tl00a Firmware Version < tl00ac01b223
Huawei ≫ Prague-tl10a Firmware Version < tl00ac01b223
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.052 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.6 | 0.9 | 3.6 |
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:P/I:N/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.