CVE-2017-8183

CWE-200 — Information Exposure3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 71.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei MTK Platform Smart Phone Firmware Huawei Technologies Co., Ltd. Nice-al00

Timeline

PublishedNov 22

Latest updateMay 17

Description

MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a any memory access vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter to cause to any memory access vulnerabilities, leading to sensitive information leakage.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDhuawei/mtk_platform_smart_phone_firmware< nice-al10c00b140+1

▶CVEListV5huawei_technologies_co.,_ltd./nice-al00Earlier than Nice-AL00C00B160 versions, Earlier than Nice-AL10C00B140 versions

🔴Vulnerability Details

GHSA

GHSA-2wg8-j75p-4mrm: MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a any memory a↗2022-05-17

▶

CVEList

CVE-2017-8183: MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a any memory a↗2017-11-22

▶