CVE-2017-8144 — MEDIUM (5.5)

Q: How severe is CVE-2017-8144?

CVE-2017-8144 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-8144?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Honor 5A Firmware, Huawei Honor 5A, Huawei Honor 8 Lite Firmware, Huawei Honor 8 Lite, Huawei Mate 9 Firmware.

Vulnerability Description

Honor 5A,Honor 8 Lite,Mate9,Mate9 Pro,P10,P10 Plus Huawei smartphones with software the versions before CAM-L03C605B143CUSTC605D003,the versions before Prague-L03C605B161,the versions before Prague-L23C605B160,the versions before MHA-AL00C00B225,the versions before LON-AL00C00B225,the versions before VTR-AL00C00B167,the versions before VTR-TL00C01B167,the versions before VKY-AL00C00B167,the versions before VKY-TL00C01B167 have a resource exhaustion vulnerability due to configure setting. An attacker tricks a user into installing a malicious application, the application may turn on the device flash-light and rapidly drain the device battery.

CVSS Score

5.5

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Huawei	Honor 5A Firmware	< cam-l03c605b143custc605d003
Huawei	Honor 5A	-
Huawei	Honor 8 Lite Firmware	< prague-l03c605b161
Huawei	Honor 8 Lite	-
Huawei	Mate 9 Firmware	< mha-al00c00b225
Huawei	Mate 9	-
Huawei	Mate 9 Pro Firmware	< lon-al00c00b225
Huawei	Mate 9 Pro	-
Huawei	P10 Firmware	< vtr-al00c00b167
Huawei	P10	-
Huawei	P10 Plus Firmware	< vky-al00c00b167
Huawei	P10 Plus	-

Related Weaknesses (CWE)

CWE-920

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170725-01-smartphVendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170725-01-smartphVendor Advisory

FAQ

What is CVE-2017-8144?

CVE-2017-8144 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Honor 5A,Honor 8 Lite,Mate9,Mate9 Pro,P10,P10 Plus Huawei smartphones with software the versions before CAM-L03C605B143CUSTC605D003,the versions before Prague-L03C605B161,the versions before Prague-L2...

How severe is CVE-2017-8144?

CVE-2017-8144 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-8144?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Honor 5A Firmware, Huawei Honor 5A, Huawei Honor 8 Lite Firmware, Huawei Honor 8 Lite, Huawei Mate 9 Firmware.