CVE-2017-17327

{"id": "CVE-2017-17327", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2018-03-09T17:29:02.190", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-03-smartphone-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}, {"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-03-smartphone-en", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Huawei smartphones with software of MHA-AL00AC00B125 have an improper resource management vulnerability. The software does not properly manage the resource when do device register operation. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could cause certain service unavailable."}, {"lang": "es", "value": "Los smartphones Huawei con software MHA-AL00AC00B125 tienen una vulnerabilidad de gesti\u00f3n incorrecta de recursos. El software no gestiona adecuadamente el recurso al realizar operaciones de registro de dispositivo. Un atacante enga\u00f1a al usuario con privilegios root para que instale una aplicaci\u00f3n maliciosa, por lo que la explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar que ciertos servicios no est\u00e9n disponibles."}], "lastModified": "2024-11-21T03:17:50.680", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mha-al00a_firmware:mha-al00ac00b125:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D6E9E44-6FFA-481E-8CDE-E8F13A7D6D37"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mha-al00a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "987F6D9F-B6FB-4A78-A4A1-9B37424D73A8"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}