CVE-2017-8164 — LOW (3.3) — White Hats Nepal

Vulnerability Description

Some Huawei smart phones with software EVA-L09C34B142; EVA-L09C40B196; EVA-L09C432B210; EVA-L09C440B138; EVA-L09C464B150; EVA-L09C530B127; EVA-L09C55B190; EVA-L09C576B150; EVA-L09C635B221; EVA-L09C636B193; EVA-L09C675B130; EVA-L09C688B143; EVA-L09C703B160; EVA-L09C706B145; EVA-L09GBRC555B171; EVA-L09IRLC368B160; EVA-L19C10B190; EVA-L19C185B220; EVA-L19C20B160; EVA-L19C432B210; EVA-L19C636B190; EVA-L29C20B160; EVA-L29C636B191; EVA-TL00C01B198; VIE-L09C02B131; VIE-L09C109B181; VIE-L09C113B170; VIE-L09C150B170; VIE-L09C25B120; VIE-L09C40B181; VIE-L09C432B181; VIE-L09C55B170; VIE-L09C605B131; VIE-L09ITAC555B130; VIE-L29C10B170; VIE-L29C185B181; VIE-L29C605B131; VIE-L29C636B202 have a denial of service (DoS) vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Successful exploitation can cause camera application unusable.

CVSS Score

3.3

LOW

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Huawei	Eva-Al10 Firmware	eva-al10c00b198
Huawei	Eva-Al10	-
Huawei	Eva-Cl00 Firmware	eva-cl00c92b198
Huawei	Eva-Cl00	-
Huawei	Eva-Dl00 Firmware	eva-dl00c17b198
Huawei	Eva-Dl00	-
Huawei	Eva-L09 Firmware	eva-l09c02b143
Huawei	Eva-L09	-
Huawei	Eva-L19 Firmware	eva-l19c10b190
Huawei	Eva-L19	-
Huawei	Eva-L29 Firmware	eva-l29c20b160
Huawei	Eva-L29	-
Huawei	Eva-Tl00 Firmware	eva-tl00c01b198
Huawei	Eva-Tl00	-
Huawei	Vie-L09 Firmware	vie-l09c02b131
Huawei	Vie-L09	-
Huawei	Vie-L29 Firmware	vie-l29c10b170
Huawei	Vie-L29	-

Related Weaknesses (CWE)

CWE-20

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-smartphVendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-smartphVendor Advisory

FAQ

What is CVE-2017-8164?

CVE-2017-8164 is a vulnerability with a CVSS score of 3.3 (LOW). Some Huawei smart phones with software EVA-L09C34B142; EVA-L09C40B196; EVA-L09C432B210; EVA-L09C440B138; EVA-L09C464B150; EVA-L09C530B127; EVA-L09C55B190; EVA-L09C576B150; EVA-L09C635B221; EVA-L09C636...

How severe is CVE-2017-8164?

CVE-2017-8164 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-8164?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Eva-Al10 Firmware, Huawei Eva-Al10, Huawei Eva-Cl00 Firmware, Huawei Eva-Cl00, Huawei Eva-Dl00 Firmware.