CVE-2017-17159 - OpenCVE

Some Huawei smart phones with software of NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01, NTS-AL00C00B535 have a DoS vulnerability due to insufficient input validation. An unauthenticated attacker could send malformed System Information(SI) messages to the smart phone within radio range by special wireless device. Successful exploit could make the smart phone restart.

No CVSS v4.0

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:A/AC:L/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	Mt8-emui4.1 Mt8-emui4.1 Firmware Nts-al00 Nts-al00 Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:huawei:mt8-emui4.1_firmware:nxt-al10c00b386:::::::*
	cpe:2.3:o:huawei:mt8-emui4.1_firmware:nxt-cl00c92b386:::::::*
	cpe:2.3:o:huawei:mt8-emui4.1_firmware:nxt-dl00c17b386:::::::*
	cpe:2.3:o:huawei:mt8-emui4.1_firmware:nxt-tl00c01b386sp01:::::::*

cpe:2.3:h:huawei:mt8-emui4.1:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:huawei:nts-al00_firmware:nts-al00c00b535:*:*:*:*:*:*:*

cpe:2.3:h:huawei:nts-al00:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-smartphone-en

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2018-02-15T16:00:00

Updated: 2024-08-05T20:44:00.443Z

Reserved: 2017-12-04T00:00:00

Link: CVE-2017-17159

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-02-15T16:29:01.970

Modified: 2018-03-14T18:13:03.103

Link: CVE-2017-17159

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "MT8-EMUI4.1,NTS-AL00", "vendor": "Huawei Technologies Co., Ltd.", "versions": [{"status": "affected", "version": "NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01,NTS-AL00C00B535"}]}], "datePublic": "2017-12-20T00:00:00", "descriptions": [{"lang": "en", "value": "Some Huawei smart phones with software of NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01, NTS-AL00C00B535 have a DoS vulnerability due to insufficient input validation. An unauthenticated attacker could send malformed System Information(SI) messages to the smart phone within radio range by special wireless device. Successful exploit could make the smart phone restart."}], "problemTypes": [{"descriptions": [{"description": "DoS", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-02-15T15:57:02", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-smartphone-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2017-17159", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "MT8-EMUI4.1,NTS-AL00", "version": {"version_data": [{"version_value": "NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01,NTS-AL00C00B535"}]}}]}, "vendor_name": "Huawei Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Some Huawei smart phones with software of NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01, NTS-AL00C00B535 have a DoS vulnerability due to insufficient input validation. An unauthenticated attacker could send malformed System Information(SI) messages to the smart phone within radio range by special wireless device. Successful exploit could make the smart phone restart."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "DoS"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-smartphone-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-smartphone-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T20:44:00.443Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-smartphone-en"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2017-17159", "datePublished": "2018-02-15T16:00:00", "dateReserved": "2017-12-04T00:00:00", "dateUpdated": "2024-08-05T20:44:00.443Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mt8-emui4.1_firmware:nxt-al10c00b386:*:*:*:*:*:*:*", "matchCriteriaId": "62CAA661-6E9F-41AE-90E4-A6A7A8020B7C", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:mt8-emui4.1_firmware:nxt-cl00c92b386:*:*:*:*:*:*:*", "matchCriteriaId": "C62251E4-B231-475C-A05D-C313FC903F98", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:mt8-emui4.1_firmware:nxt-dl00c17b386:*:*:*:*:*:*:*", "matchCriteriaId": "4BAB4BA7-E393-4393-84F5-A17096D98A39", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:mt8-emui4.1_firmware:nxt-tl00c01b386sp01:*:*:*:*:*:*:*", "matchCriteriaId": "BA8972C3-53D2-413B-A1E3-E1EA92CAED2E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mt8-emui4.1:-:*:*:*:*:*:*:*", "matchCriteriaId": "3CAACD61-C2A8-4C6B-BABF-503B732D7ACB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:nts-al00_firmware:nts-al00c00b535:*:*:*:*:*:*:*", "matchCriteriaId": "9A67583F-687E-4F3F-9B34-9016C68985DA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:nts-al00:-:*:*:*:*:*:*:*", "matchCriteriaId": "57B9A942-4791-4B65-9EB7-8E52F6C3A25A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Some Huawei smart phones with software of NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01, NTS-AL00C00B535 have a DoS vulnerability due to insufficient input validation. An unauthenticated attacker could send malformed System Information(SI) messages to the smart phone within radio range by special wireless device. Successful exploit could make the smart phone restart."}, {"lang": "es", "value": "Algunos smartphones Huawei con software NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01 y NTS-AL00C00B535 tienen una vulnerabilidad de denegaci\u00f3n de servicio (DoS) debido a una validaci\u00f3n de entradas insuficiente. Un atacante no autenticado podr\u00eda enviar mensajes SI (System Information) a los smartphones en el rango de radio por medio de un dispositivo inal\u00e1mbrico especial. La explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar el reinicio del smartphone.</"}], "id": "CVE-2017-17159", "lastModified": "2018-03-14T18:13:03.103", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-02-15T16:29:01.970", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-smartphone-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}