CVE-2017-17172 - OpenCVE

Huawei smart phones LYO-L21 with software LYO-L21C479B107, LYO-L21C479B107 have a privilege escalation vulnerability. An authenticated, local attacker can crafts malformed packets after tricking a user to install a malicious application and exploit this vulnerability when in the exception handling process. Successful exploitation may cause the attacker to obtain a higher privilege of the smart phones.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Huawei	Lyo-l21 Firmware Lyo-l21

Configuration 1 [-]

AND

cpe:2.3:h:huawei:lyo-l21:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:huawei:lyo-l21_firmware:lyo-l21c479b107:::::::*
	cpe:2.3:o:huawei:lyo-l21_firmware:lyo-l21c577b126:::::::*

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180613-01-smartphone-en	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: huawei

Published: 2018-06-14T14:00:00

Updated: 2018-06-14T13:57:01

Reserved: 2017-12-04T00:00:00

Link: CVE-2017-17172

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-06-14T14:29:00.213

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-17172

JSON object: View

Redhat Information

No data.

CWE

CWE-755

{"containers": {"cna": {"affected": [{"product": "LYO-L21", "vendor": "Huawei Technologies Co., Ltd.", "versions": [{"status": "affected", "version": "LYO-L21C479B107, LYO-L21C479B107"}]}], "datePublic": "2018-06-13T00:00:00", "descriptions": [{"lang": "en", "value": "Huawei smart phones LYO-L21 with software LYO-L21C479B107, LYO-L21C479B107 have a privilege escalation vulnerability. An authenticated, local attacker can crafts malformed packets after tricking a user to install a malicious application and exploit this vulnerability when in the exception handling process. Successful exploitation may cause the attacker to obtain a higher privilege of the smart phones."}], "problemTypes": [{"descriptions": [{"description": "privilege escalation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-06-14T13:57:01", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180613-01-smartphone-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2017-17172", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "LYO-L21", "version": {"version_data": [{"version_value": "LYO-L21C479B107, LYO-L21C479B107"}]}}]}, "vendor_name": "Huawei Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Huawei smart phones LYO-L21 with software LYO-L21C479B107, LYO-L21C479B107 have a privilege escalation vulnerability. An authenticated, local attacker can crafts malformed packets after tricking a user to install a malicious application and exploit this vulnerability when in the exception handling process. Successful exploitation may cause the attacker to obtain a higher privilege of the smart phones."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "privilege escalation"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180613-01-smartphone-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180613-01-smartphone-en"}]}}}}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2017-17172", "datePublished": "2018-06-14T14:00:00", "dateReserved": "2017-12-04T00:00:00", "dateUpdated": "2018-06-14T13:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:lyo-l21:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE3197E9-9768-4186-A33E-46D1AE6C682F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:lyo-l21_firmware:lyo-l21c479b107:*:*:*:*:*:*:*", "matchCriteriaId": "C2A68539-C54A-49B9-9A5C-8F97B241E301", "vulnerable": false}, {"criteria": "cpe:2.3:o:huawei:lyo-l21_firmware:lyo-l21c577b126:*:*:*:*:*:*:*", "matchCriteriaId": "402A8154-D280-4948-81B3-1F23F95A3072", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Huawei smart phones LYO-L21 with software LYO-L21C479B107, LYO-L21C479B107 have a privilege escalation vulnerability. An authenticated, local attacker can crafts malformed packets after tricking a user to install a malicious application and exploit this vulnerability when in the exception handling process. Successful exploitation may cause the attacker to obtain a higher privilege of the smart phones."}, {"lang": "es", "value": "Los smartphones Huawei LYO-L21 con software en versiones LYO-L21C479B107 y LYO-L21C479B107 tienen una vulnerabilidad de escalado de privilegios. Un atacante local autenticado puede manipular paquetes mal formados tras enga\u00f1ar a un usuario para que instale una aplicaci\u00f3n maliciosa y explotar esta vulnerabilidad mientras se est\u00e1 en el proceso de gesti\u00f3n de excepciones. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar que el atacante obtenga privilegios mayores en el smartphone."}], "id": "CVE-2017-17172", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-06-14T14:29:00.213", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180613-01-smartphone-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-755"}], "source": "nvd@nist.gov", "type": "Primary"}]}