CVE-2017-15311

The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation. An attacker could send malicious packets to the smart phones within radio range by special wireless device, which leads stack overflow when the baseband module handles these packets. The attacker could exploit this vulnerability to perform a denial of service attack or remote code execution in baseband module.

CVSS v3 8.8 HIGH
CVSS v2.0 5.8 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector : AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

5.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:A/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 6.5 / Impact : 6.4

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171125-01-baseband-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:mate_10_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_10:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:huawei:mate_10_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_10_pro:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:huawei:mate_9_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_9:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:huawei:mate_9_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_9_pro:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-12-22 17:29

Updated : 2024-02-28 16:04

NVD link : CVE-2017-15311

Mitre link : CVE-2017-15311

CVE.ORG link : CVE-2017-15311

JSON object : View

Products Affected

huawei

mate_9_pro
mate_9
mate_9_firmware
mate_10_pro_firmware
mate_9_pro_firmware
mate_10
mate_10_pro
mate_10_firmware

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2017-15311", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2017-12-22T17:29:13.063", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171125-01-baseband-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation. An attacker could send malicious packets to the smart phones within radio range by special wireless device, which leads stack overflow when the baseband module handles these packets. The attacker could exploit this vulnerability to perform a denial of service attack or remote code execution in baseband module."}, {"lang": "es", "value": "Los m\u00f3dulos baseband de los smartphones Huawei Mate 10, Mate 10 Pro, Mate 9 y Mate 9 Pro con versiones de software anteriores a ALP-AL00 8.0.0.120(SP2C00), anteriores a BLA-AL00 8.0.0.120(SP2C00), anteriores a MHA-AL00B 8.0.0.334(C00) y anteriores a LON-AL00B 8.0.0.334(C00) incluyen una vulnerabilidad de desbordamiento de pila debido a una falta de validaci\u00f3n de par\u00e1metros. Un atacante podr\u00eda enviar paquetes maliciosos a los smartphones dentro del rango de radio mediante dispositivos inal\u00e1mbricos especiales. Esto da lugar a un desbordamiento de pila cuando el m\u00f3dulo baseband manipula estos paquetes. El atacante podr\u00eda explotar esta vulnerabilidad para realizar un ataque de denegaci\u00f3n de servicio (DoS) o para ejecutar c\u00f3digo de manera remota en el m\u00f3dulo baseband."}], "lastModified": "2018-01-09T17:22:46.803", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mate_10_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7E91ECD-963D-4547-8712-912A68678E04", "versionEndExcluding": "alp-al00_8.0.0.120\\(sp2c00\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_10:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "394490F2-5E47-4A28-A71C-075DBBA34C9E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mate_10_pro_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70F576DC-ADE1-4DE1-BDBA-617013F4DAD3", "versionEndExcluding": "bla-al00_8.0.0.120\\(sp2c00\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_10_pro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5FC0AD4F-0368-4F29-ACCF-B948B8C6BE05"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mate_9_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9640332-F80C-4360-A67E-C00C99D807D5", "versionEndExcluding": "mha-al00b_8.0.0.334\\(c00\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_9:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "93FB7D8B-A819-4CBB-85D1-D3984D963351"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mate_9_pro_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C983B9F-8A7B-4FF1-8073-7C397714991A", "versionEndExcluding": "lon-al00b_8.0.0.334\\(c00\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_9_pro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E4CC4AF8-2F6D-41FC-9697-17472AF32FC6"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}