| |
Vulnerability CVE-2017-17159
Published: 2018-02-15
| Description: |
Some Huawei smart phones with software of NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01, NTS-AL00C00B535 have a DoS vulnerability due to insufficient input validation. An unauthenticated attacker could send malformed System Information(SI) messages to the smart phone within radio range by special wireless device. Successful exploit could make the smart phone restart. |
Type:
CWE-20 (Improper Input Validation)
CVSS2 => (AV:A/AC:L/Au:N/C:N/I:N/A:C)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
6.1/10 |
6.9/10 |
6.5/10 |
| Exploit range |
Attack complexity |
Authentication |
Adjacent network |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
None |
None |
Complete |
References: |
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-smartphone-en
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
