CVE-2017-8143 - OpenCVE

Wi-Fi driver of Honor 5C and P9 Lite Huawei smart phones with software versions earlier than NEM-L21C432B351 and versions earlier than VNS-L21C10B381 has a DoS vulnerability. An attacker may trick a user into installing a malicious application and the application can access invalid address of driver to crash the system.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:M/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Huawei	P9 Lite P9 Lite Firmware Honor 5c Honor 5c Firmware

Configuration 1 [-]

AND

cpe:2.3:o:huawei:honor_5c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:honor_5c:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:huawei:p9_lite_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p9_lite:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170623-01-smartphone-en	Vendor Advisory
http://www.securityfocus.com/bid/99256	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: huawei

Published: 2017-11-15T00:00:00

Updated: 2017-11-23T10:57:01

Reserved: 2017-04-25T00:00:00

Link: CVE-2017-8143

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-11-22T19:29:03.083

Modified: 2017-12-11T18:06:21.987

Link: CVE-2017-8143

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "Honor 5C, P9 Lite", "vendor": "Huawei Technologies Co., Ltd.", "versions": [{"status": "affected", "version": "Versions earlier than NEM-L21C432B351, Versions earlier than VNS-L21C10B381"}]}], "datePublic": "2017-11-15T00:00:00", "descriptions": [{"lang": "en", "value": "Wi-Fi driver of Honor 5C and P9 Lite Huawei smart phones with software versions earlier than NEM-L21C432B351 and versions earlier than VNS-L21C10B381 has a DoS vulnerability. An attacker may trick a user into installing a malicious application and the application can access invalid address of driver to crash the system."}], "problemTypes": [{"descriptions": [{"description": "DoS", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-23T10:57:01", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"name": "99256", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99256"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170623-01-smartphone-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "DATE_PUBLIC": "2017-11-15T00:00:00", "ID": "CVE-2017-8143", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Honor 5C, P9 Lite", "version": {"version_data": [{"version_value": "Versions earlier than NEM-L21C432B351, Versions earlier than VNS-L21C10B381"}]}}]}, "vendor_name": "Huawei Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Wi-Fi driver of Honor 5C and P9 Lite Huawei smart phones with software versions earlier than NEM-L21C432B351 and versions earlier than VNS-L21C10B381 has a DoS vulnerability. An attacker may trick a user into installing a malicious application and the application can access invalid address of driver to crash the system."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "DoS"}]}]}, "references": {"reference_data": [{"name": "99256", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99256"}, {"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170623-01-smartphone-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170623-01-smartphone-en"}]}}}}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2017-8143", "datePublished": "2017-11-15T00:00:00", "dateReserved": "2017-04-25T00:00:00", "dateUpdated": "2017-11-23T10:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:honor_5c_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC150003-0912-417D-8639-D6349563ABDB", "versionEndExcluding": "nem-l21c432b351", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:honor_5c:-:*:*:*:*:*:*:*", "matchCriteriaId": "0A135A0A-CBDE-4CFB-83EC-F1169D5AE71F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p9_lite_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C63C0AED-03FD-4BE7-AAD8-CAAE3B30BA7B", "versionEndExcluding": "vns-l21c10b381", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p9_lite:-:*:*:*:*:*:*:*", "matchCriteriaId": "866C3F90-FC3B-4A9F-8BAC-83A89077F96E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Wi-Fi driver of Honor 5C and P9 Lite Huawei smart phones with software versions earlier than NEM-L21C432B351 and versions earlier than VNS-L21C10B381 has a DoS vulnerability. An attacker may trick a user into installing a malicious application and the application can access invalid address of driver to crash the system."}, {"lang": "es", "value": "El controlador Wi-Fi de los smartphones Huawei Honor 5C y P9 Lite con versiones de software anteriores a la NEM-L21C432B351 y a la VNS-L21C10B381 tiene una vulnerabilidad de DoS. Un atacante podr\u00eda enga\u00f1ar a un usuario para que instale una aplicaci\u00f3n maliciosa que pueda acceder a una direcci\u00f3n inv\u00e1lida del controlador para provocar el cierre inesperado del sistema."}], "id": "CVE-2017-8143", "lastModified": "2017-12-11T18:06:21.987", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-22T19:29:03.083", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170623-01-smartphone-en"}, {"source": "psirt@huawei.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99256"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}