CVE-2017-17175

CWE-20 — Improper Input Validation3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.0%

top 85.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Mate 9 PRO Huawei Technologies Co., Ltd. Mate 9 PRO

Timeline

PublishedJul 2

Latest updateMay 14

Description

Short Message Service (SMS) module of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.354(C00) has a Denial of Service (DoS) vulnerability. An unauthenticated attacker may set up a pseudo base station, and send special malware text message to the phone, causing the mobile phone to fail to make calls and send and receive text messages.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDhuawei/mate_9_pro< lon-al00b_8.0.0.354\(c00\)

▶CVEListV5huawei_technologies_co.,_ltd./mate_9_proThe versions before LON-AL00B 8.0.0.354(C00)

🔴Vulnerability Details

GHSA

GHSA-xw4f-5967-g57v: Short Message Service (SMS) module of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8↗2022-05-14

▶

CVEList

CVE-2017-17175: Short Message Service (SMS) module of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8↗2018-07-02

▶