CVE-2017-2713 - OpenCVE

HUAWEI P9 smartphones with software versions earlier before EVA-L09C432B383, versions earlier before EVA-L09C636B380, versions earlier before VIE-L09C432B370, versions earlier before VIE-L29C636B370 have an insufficient input validation vulnerability. An attacker could exploit this vulnerability to tamper with air interface signaling messages and obtain some communication information.

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:A/AC:L/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Huawei	P9 Firmware P9

Configuration 1 [-]

AND

cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-01-smartphone-en	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: huawei

Published: 2017-11-15T00:00:00

Updated: 2017-11-22T18:57:01

Reserved: 2016-12-01T00:00:00

Link: CVE-2017-2713

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-11-22T19:29:01.053

Modified: 2017-12-12T18:04:21.240

Link: CVE-2017-2713

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "HUAWEI P9", "vendor": "Huawei Technologies Co., Ltd.", "versions": [{"status": "affected", "version": "Versions earlier before EVA-L09C432B383, Versions earlier before EVA-L09C636B380, Versions earlier before VIE-L09C432B370, Versions earlier before VIE-L29C636B370"}]}], "datePublic": "2017-11-15T00:00:00", "descriptions": [{"lang": "en", "value": "HUAWEI P9 smartphones with software versions earlier before EVA-L09C432B383, versions earlier before EVA-L09C636B380, versions earlier before VIE-L09C432B370, versions earlier before VIE-L29C636B370 have an insufficient input validation vulnerability. An attacker could exploit this vulnerability to tamper with air interface signaling messages and obtain some communication information."}], "problemTypes": [{"descriptions": [{"description": "Insufficient Input Validation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-22T18:57:01", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-01-smartphone-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "DATE_PUBLIC": "2017-11-15T00:00:00", "ID": "CVE-2017-2713", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "HUAWEI P9", "version": {"version_data": [{"version_value": "Versions earlier before EVA-L09C432B383, Versions earlier before EVA-L09C636B380, Versions earlier before VIE-L09C432B370, Versions earlier before VIE-L29C636B370"}]}}]}, "vendor_name": "Huawei Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "HUAWEI P9 smartphones with software versions earlier before EVA-L09C432B383, versions earlier before EVA-L09C636B380, versions earlier before VIE-L09C432B370, versions earlier before VIE-L29C636B370 have an insufficient input validation vulnerability. An attacker could exploit this vulnerability to tamper with air interface signaling messages and obtain some communication information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Insufficient Input Validation"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-01-smartphone-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-01-smartphone-en"}]}}}}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2017-2713", "datePublished": "2017-11-15T00:00:00", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2017-11-22T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B03331B-9950-4E4E-AEE9-410A240DAA04", "versionEndExcluding": "eva-l09c432b383", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*", "matchCriteriaId": "B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "19035021-5B60-4150-843C-B0CB8A565FAE", "versionEndExcluding": "eva-l09c636b380", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*", "matchCriteriaId": "B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8008681F-6BEA-4342-9542-CC2800AE624A", "versionEndExcluding": "vie-l09c432b370", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*", "matchCriteriaId": "B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C95F01C4-248E-42FB-98F1-2547C088617D", "versionEndExcluding": "vie-l29c636b370", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*", "matchCriteriaId": "B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "HUAWEI P9 smartphones with software versions earlier before EVA-L09C432B383, versions earlier before EVA-L09C636B380, versions earlier before VIE-L09C432B370, versions earlier before VIE-L29C636B370 have an insufficient input validation vulnerability. An attacker could exploit this vulnerability to tamper with air interface signaling messages and obtain some communication information."}, {"lang": "es", "value": "Los smartphones Huawei P9 con versiones de software anteriores a la EVA-AL00C00B365, anteriores a la EVA-L09C636B380, anteriores a la VIE-L09C432B370 y versiones anteriores a la VIE-L29C636B370 tienen una vulnerabilidad de validaci\u00f3n de entradas insuficiente. Un atacante podr\u00eda explotar esta vulnerabilidad para alterar los mensajes de se\u00f1alizaci\u00f3n de interfaz a\u00e9rea y obtener informaci\u00f3n de comunicaci\u00f3n."}], "id": "CVE-2017-2713", "lastModified": "2017-12-12T18:04:21.240", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-22T19:29:01.053", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-01-smartphone-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}