ID CVE-2017-8172
Summary The Isub service in P10 Plus and P10 smart phones with versions earlier than VKY-AL00C00B157 and versions earlier than VTR-AL00C00B157 has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the application can send a given parameter to a specific interface, which causes an out-of-bounds array access that results in a smart phone restart.
References
Vulnerable Configurations
  • cpe:2.3:o:huawei:p10_plus_firmware:8.0.0.357\(c00\):*:*:*:*:*:*:*
  • cpe:2.3:o:huawei:p10_plus_firmware:9.1.0.201\(c01e75r1p12t8\):*:*:*:*:*:*:*
  • cpe:2.3:o:huawei:p10_plus_firmware:9.1.0.252\(c185e2r1p9t8\):*:*:*:*:*:*:*
  • cpe:2.3:o:huawei:p10_plus_firmware:9.1.0.252\(c432e4r1p9t8\):*:*:*:*:*:*:*
  • cpe:2.3:o:huawei:p10_plus_firmware:9.1.0.255\(c576e6r1p8t8\):*:*:*:*:*:*:*
  • cpe:2.3:o:huawei:p10_plus_firmware:vicky-al00ac00b172:*:*:*:*:*:*:*
  • cpe:2.3:o:huawei:p10_plus_firmware:vicky-al00ac00b172d:*:*:*:*:*:*:*
  • cpe:2.3:o:huawei:p10_plus_firmware:vicky-l29ac605b162:*:*:*:*:*:*:*
  • cpe:2.3:o:huawei:p10_plus_firmware:vky-al00c00b123:*:*:*:*:*:*:*
  • cpe:2.3:o:huawei:p10_plus_firmware:vky-al00c00b153:*:*:*:*:*:*:*
  • cpe:2.3:h:huawei:p10_plus:-:*:*:*:*:*:*:*
  • cpe:2.3:o:huawei:p10_firmware:victoria-al00ac00b217:*:*:*:*:*:*:*
  • cpe:2.3:o:huawei:p10_firmware:victoria-l09ac605b162:*:*:*:*:*:*:*
  • cpe:2.3:o:huawei:p10_firmware:victoria-l29ac605b162:*:*:*:*:*:*:*
  • cpe:2.3:o:huawei:p10_firmware:vtr-al00c00b123:*:*:*:*:*:*:*
  • cpe:2.3:h:huawei:p10:-:*:*:*:*:*:*:*
CVSS
Base: 7.1 (as of 12-12-2017 - 18:13)
Impact:
Exploitability:
CWE CWE-129
CAPEC
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an adversary. As a consequence, an adversary is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the adversaries' choice.
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:C
refmap via4
bid 99370
confirm http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170628-01-isub-en
Last major update 12-12-2017 - 18:13
Published 22-11-2017 - 19:29
Last modified 12-12-2017 - 18:13