CVE-2017-17158 Vulnerability Details

  /     /     /  

CVE-2017-17158 Metadata Quick Info

CVE Published: 24/05/2018 | CVE Updated: 05/08/2024 | CVE Year: 2017
Source: huawei | Vendor: Huawei Technologies Co., Ltd. | Product: Berlin-L21HN; Prague-AL00A; Prague-AL00B; Prague-AL00C; Prague-L31; Prague-TL00A; Prague-TL10A
Status : PUBLISHED

---

CVE-2017-17158 Description

Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before Prague-TL00AC01B223 have an information exposure vulnerability. When the user\'s smart phone connects to the malicious device for charging, an unauthenticated attacker may activate some specific function by sending some specially crafted messages. Due to insufficient input validation of the messages, successful exploit may cause information exposure.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: information exposure
Source: Huawei Technologies Co., Ltd.

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).