CVE-2017-8172

CWE-129Improper Array Index Validation3 documents3 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 80.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei P10 FirmwareHuawei P10 Plus Firmware
Timeline
PublishedNov 22
Latest updateMay 17

Description

Isub service in P10 Plus and P10 smart phones with earlier than VKY-AL00C00B157 versions and earlier than VTR-AL00C00B157 versions has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the application can send given parameter to specific interface, which make a out-of-bounds array access that results in smart phone restart.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDhuawei/p10_plus_firmware< vky-al00c00b157
NVDhuawei/p10_firmware< vtr-al00c00b157

🔴Vulnerability Details

2
GHSA
GHSA-g8mq-wmf4-5mwp: Isub service in P10 Plus and P10 smart phones with earlier than VKY-AL00C00B157 versions and earlier than VTR-AL00C00B157 versions has a denial of ser2022-05-17
CVEList
CVE-2017-8172: Isub service in P10 Plus and P10 smart phones with earlier than VKY-AL00C00B157 versions and earlier than VTR-AL00C00B157 versions has a denial of ser2017-11-22
CVE-2017-8172 (MEDIUM CVSS 5.5) | Isub service in P10 Plus and P10 sm | cvebase.io