CVE-2017-17172 - Huawei smart phones LYO-L21 with software LYO-L21C479B107, LYO-L21C479B107 have a privilege escalati

CVE-2017-17172

Summary

Huawei smart phones LYO-L21 with software LYO-L21C479B107, LYO-L21C479B107 have a privilege escalation vulnerability. An authenticated, local attacker can crafts malformed packets after tricking a user to install a malicious application and exploit this vulnerability when in the exception handling process. Successful exploitation may cause the attacker to obtain a higher privilege of the smart phones.

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180613-01-smartphone-en

Vulnerable Configurations

cpe:2.3:h:huawei:lyo-l21:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:lyo-l21:*:*:*:*:*:*:*:*
cpe:2.3:o:huawei:lyo-l21_firmware:lyo-l21c479b107:*:*:*:*:*:*:*
cpe:2.3:o:huawei:lyo-l21_firmware:lyo-l21c479b107:*:*:*:*:*:*:*
cpe:2.3:o:huawei:lyo-l21_firmware:lyo-l21c577b126:*:*:*:*:*:*:*
cpe:2.3:o:huawei:lyo-l21_firmware:lyo-l21c577b126:*:*:*:*:*:*:*

CVSS

Base:	4.4 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

CWE-755

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:M/Au:N/C:P/I:P/A:P

refmap via4

confirm

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180613-01-smartphone-en

Last major update

03-10-2019 - 00:03

Published

14-06-2018 - 14:29

Last modified

03-10-2019 - 00:03