Vulnerability Description
Huawei Mate 9 and Mate 9 pro smart phones with software the versions before MHA-AL00B 8.0.0.334(C00); the versions before LON-AL00B 8.0.0.334(C00) have a information leak vulnerability in the date service proxy implementation. An attacker may trick a user into installing a malicious application and application can exploit the vulnerability to get kernel date which may cause sensitive information leak.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | Mate 9 Pro Firmware | < lon-al00b_8.0.0.334\(c00\) |
| Huawei | Mate 9 Pro | - |
| Huawei | Mate 9 Firmware | < mha-al00b_8.0.0.334\(c00\) |
| Huawei | Mate 9 | - |
Related Weaknesses (CWE)
References
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-04-smartphVendor Advisory
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-04-smartphVendor Advisory
FAQ
What is CVE-2017-17139?
CVE-2017-17139 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Huawei Mate 9 and Mate 9 pro smart phones with software the versions before MHA-AL00B 8.0.0.334(C00); the versions before LON-AL00B 8.0.0.334(C00) have a information leak vulnerability in the date ser...
How severe is CVE-2017-17139?
CVE-2017-17139 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-17139?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei Mate 9 Pro Firmware, Huawei Mate 9 Pro, Huawei Mate 9 Firmware, Huawei Mate 9.