CVE-2017-17171

CWE-20 — Improper Input Validation3 documents3 sources

Severity

4.2MEDIUM

EPSS

0.0%

top 85.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Mate 8 Firmware Huawei P9 Firmware Huawei P9 Plus Firmware

Timeline

PublishedJun 1

Latest updateMay 14

Description

Some Huawei smart phones have the denial of service (DoS) vulnerability due to the improper processing of malicious parameters. An attacker may trick a target user into installing a malicious APK and launch attacks using a pre-installed app with specific permissions. Successful exploit could allow the app to send specific parameters to the smart phone driver, which will result in system restart.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:HExploitability: 0.6 | Impact: 3.6

Affected Packages3 packages

▶NVDhuawei/p9_firmware< eva-al00c00b398+14

▶NVDhuawei/mate_8_firmware< nxt-al10c00b593+10

▶NVDhuawei/p9_plus_firmware< vie-l09c318b182+4

🔴Vulnerability Details

GHSA

GHSA-5fxj-3vg5-qmf8: Some Huawei smart phones have the denial of service (DoS) vulnerability due to the improper processing of malicious parameters↗2022-05-14

▶

CVEList

CVE-2017-17171: Some Huawei smart phones have the denial of service (DoS) vulnerability due to the improper processing of malicious parameters↗2018-06-01

▶