CVE-2017-17328

{"id": "CVE-2017-17328", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2018-03-09T17:29:02.220", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171220-01-smartphone-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}, {"url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171220-01-smartphone-en", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "Huawei smartphones with software of MHA-AL00AC00B125 have an integer overflow vulnerability. The software does not process certain variable properly when handle certain process. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could cause information disclosure."}, {"lang": "es", "value": "Los smartphones Huawei con software MHA-AL00AC00B125 tienen una vulnerabilidad de desbordamiento de enteros. El software no procesa ciertas variables correctamente cuando gestiona cierto proceso. Un atacante enga\u00f1a al usuario con privilegios root para que instale una aplicaci\u00f3n maliciosa, por lo que la explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar una divulgaci\u00f3n de informaci\u00f3n."}], "lastModified": "2024-11-21T03:17:50.790", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mha-al00a_firmware:mha-al00ac00b125:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D6E9E44-6FFA-481E-8CDE-E8F13A7D6D37"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mha-al00a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "987F6D9F-B6FB-4A78-A4A1-9B37424D73A8"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}