CVE-2017-17224

Current Description

Some Huawei smart phones with versions earlier than Harry-AL00C 9.1.0.206(C00E205R3P1) have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone abnormal.

Basic Data

PublishedNovember 12, 2019
Last ModifiedNovember 19, 2019
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-476
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:A/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorADJACENT_NETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score5.8
SeverityMEDIUM
Exploitability Score6.5
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • AND
    • OR - Configuration 1
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3OSHuaweiHg655m Firmware********harry-al00c_9.1.0.206(c00e205r3p1)
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3HardwareHuaweiHg655m-*******
  • AND
    • OR - Configuration 2
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3OSHuaweiHg655m Firmware********v100r001c02b023
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3HardwareHuaweiHg655m-*******

Vulnerable Software List

VendorProductVersions
Huawei Hg655m Firmware *

References

NameSourceURLTags
http://www.huawei.com/en/psirt/security-notices/huawei-sn-20180327-01-hg655m-enhttp://www.huawei.com/en/psirt/security-notices/huawei-sn-20180327-01-hg655m-enCONFIRMVendor Advisory
https://fortiguard.com/zeroday/FG-VD-18-017https://fortiguard.com/zeroday/FG-VD-18-017MISCThird Party Advisory