CVE-2017-8211 - OpenCVE

The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege of the Android system, the APP can send a specific parameter to the driver of the smart phone, causing a system reboot or arbitrary code execution.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Huawei	Honor 6x Honor 6x Firmware Honor 5c Honor 5c Firmware

Configuration 1 [-]

AND

cpe:2.3:o:huawei:honor_5c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:honor_5c:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:huawei:honor_6x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:honor_6x:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170801-01-smartphone-en	Issue Tracking Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: huawei

Published: 2017-11-15T00:00:00

Updated: 2017-11-22T18:57:01

Reserved: 2017-04-25T00:00:00

Link: CVE-2017-8211

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-11-22T19:29:05.413

Modified: 2017-12-06T14:59:02.753

Link: CVE-2017-8211

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "honor 5C,honor 6x", "vendor": "Huawei Technologies Co., Ltd.", "versions": [{"status": "affected", "version": "Versions earlier than NEM-AL10C00B356,Versions earlier than Berlin-L21HNC432B360"}]}], "datePublic": "2017-11-15T00:00:00", "descriptions": [{"lang": "en", "value": "The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege of the Android system, the APP can send a specific parameter to the driver of the smart phone, causing a system reboot or arbitrary code execution."}], "problemTypes": [{"descriptions": [{"description": "buffer overflow", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-22T18:57:01", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170801-01-smartphone-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "DATE_PUBLIC": "2017-11-15T00:00:00", "ID": "CVE-2017-8211", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "honor 5C,honor 6x", "version": {"version_data": [{"version_value": "Versions earlier than NEM-AL10C00B356,Versions earlier than Berlin-L21HNC432B360"}]}}]}, "vendor_name": "Huawei Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege of the Android system, the APP can send a specific parameter to the driver of the smart phone, causing a system reboot or arbitrary code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "buffer overflow"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170801-01-smartphone-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170801-01-smartphone-en"}]}}}}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2017-8211", "datePublished": "2017-11-15T00:00:00", "dateReserved": "2017-04-25T00:00:00", "dateUpdated": "2017-11-22T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:honor_5c_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4FFA4D07-20C1-4D38-96A4-1A9963D884C2", "versionEndExcluding": "nem-al10c00b356", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:honor_5c:-:*:*:*:*:*:*:*", "matchCriteriaId": "0A135A0A-CBDE-4CFB-83EC-F1169D5AE71F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:honor_6x_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C7B6ECD-6116-4604-B2AC-6BD605CADA21", "versionEndExcluding": "berlin-l21hnc432b360", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:honor_6x:-:*:*:*:*:*:*:*", "matchCriteriaId": "07006372-CA98-4256-9C07-A2152A8D2BBA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege of the Android system, the APP can send a specific parameter to the driver of the smart phone, causing a system reboot or arbitrary code execution."}, {"lang": "es", "value": "El controlador de los smartphones Huawei Honor 5C y Honor 6x con versiones de software anteriores a NEM-AL10C00B356 y Berlin-L21HNC432B360 tiene una vulnerabilidad de desbordamiento de b\u00fafer debido a la falta de validaci\u00f3n de par\u00e1metros. Un atacante puede enga\u00f1ar a un usuario para que instale una app maliciosa que tiene privilegios root del sistema Android. La app podr\u00eda enviar un par\u00e1metro espec\u00edfico al controlador del smartphone, provocando el reinicio del sistema o la ejecuci\u00f3n de c\u00f3digo arbitrario."}], "id": "CVE-2017-8211", "lastModified": "2017-12-06T14:59:02.753", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-22T19:29:05.413", "references": [{"source": "psirt@huawei.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170801-01-smartphone-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}