CVE-2017-8169 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2017-8169?

CVE-2017-8169 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-8169?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Vie-L09 Firmware, Huawei Vie-L09.

Vulnerability Description

Huawei smart phones with software earlier than VIE-L09C40B360 versions have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the APP can send a specific parameter to the smart phone, causing the smartphone restart or arbitrary code execution.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Huawei	Vie-L09 Firmware	< vie-l09c40b360
Huawei	Vie-L09	-

Related Weaknesses (CWE)

CWE-119

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171025-01-overfloIssue TrackingVendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171025-01-overfloIssue TrackingVendor Advisory

FAQ

What is CVE-2017-8169?

CVE-2017-8169 is a vulnerability with a CVSS score of 7.8 (HIGH). Huawei smart phones with software earlier than VIE-L09C40B360 versions have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicio...

How severe is CVE-2017-8169?

CVE-2017-8169 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-8169?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Vie-L09 Firmware, Huawei Vie-L09.