CVE-2017-17158 — MEDIUM (4.6)

Q: How severe is CVE-2017-17158?

CVE-2017-17158 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-17158?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Berlin-L21Hn Firmware, Huawei Berlin-L21Hn, Huawei Prague-Al00A Firmware, Huawei Prague-Al00A, Huawei Prague-Al00B Firmware.

Vulnerability Description

Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before Prague-TL00AC01B223 have an information exposure vulnerability. When the user's smart phone connects to the malicious device for charging, an unauthenticated attacker may activate some specific function by sending some specially crafted messages. Due to insufficient input validation of the messages, successful exploit may cause information exposure.

CVSS Score

4.6

MEDIUM

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Huawei	Berlin-L21Hn Firmware	< l21hnc185b381
Huawei	Berlin-L21Hn	-
Huawei	Prague-Al00A Firmware	< al00ac00b223
Huawei	Prague-Al00A	-
Huawei	Prague-Al00B Firmware	< al00bc00b223
Huawei	Prague-Al00B	-
Huawei	Prague-Al00C Firmware	< al00cc00b223
Huawei	Prague-Al00C	-
Huawei	Prague-L31 Firmware	< l31c432b208
Huawei	Prague-L31	-
Huawei	Prague-Tl00A Firmware	< tl00ac01b223
Huawei	Prague-Tl00A	-
Huawei	Prague-Tl10A Firmware	< tl00ac01b223
Huawei	Prague-Tl10A	-

Related Weaknesses (CWE)

CWE-20

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-phone-eVendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-phone-eVendor Advisory

FAQ

What is CVE-2017-17158?

CVE-2017-17158 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the v...

How severe is CVE-2017-17158?

CVE-2017-17158 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-17158?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Berlin-L21Hn Firmware, Huawei Berlin-L21Hn, Huawei Prague-Al00A Firmware, Huawei Prague-Al00A, Huawei Prague-Al00B Firmware.