PT-2017-18189 · Huawei · Huawei Smartphone
Guang Gong
+2
·
Published
2017-11-22
·
Updated
2017-12-08
·
CVE-2017-8184
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Huawei smart phones with software earlier than Nice-AL00C00B160 versions
Huawei smart phones with software earlier than Nice-AL10C00B140 versions
Description
The issue allows an attacker to trick a user into installing a malicious application on the smart phone. By sending a given parameter, the attacker can cause any memory access issues, leading to sensitive information leakage.
Recommendations
For versions earlier than Nice-AL00C00B160, update to Nice-AL00C00B160 or later to resolve the issue.
For versions earlier than Nice-AL10C00B140, update to Nice-AL10C00B140 or later to resolve the issue.
As a temporary workaround, consider restricting the installation of applications from untrusted sources to minimize the risk of exploitation.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Huawei Smartphone