CVE-2017-8172

EPSS 0.06%
Published 22.11.2017 19:29:04
Last modified 20.04.2025 01:37:25
Source psirt@huawei.com
Teams watchlist Login
Open Login

Isub service in P10 Plus and P10 smart phones with earlier than VKY-AL00C00B157 versions and earlier than VTR-AL00C00B157 versions has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the application can send given parameter to specific interface, which make a out-of-bounds array access that results in smart phone restart.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Huawei ≫ P10 Plus Firmware Version < vky-al00c00b157

Huawei ≫ P10 Plus Version-

Huawei ≫ P10 Firmware Version < vtr-al00c00b157

Huawei ≫ P10 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.16

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov	7.1	8.6	6.9	AV:N/AC:M/Au:N/C:N/I:N/A:C

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170628-01-isub-en

Vendor Advisory

http://www.securityfocus.com/bid/99370

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2017-8172

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-8172

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-8172

EUVD