PT-2018-6421 · Huawei · Huawei Smartphone
Published
2018-02-15
·
Updated
2018-03-14
·
CVE-2017-17159
CVSS v3.1
6.5
Medium
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
Huawei smart phones with software of NXT-AL10C00B386
Huawei smart phones with software of NXT-CL00C92B386
Huawei smart phones with software of NXT-DL00C17B386
Huawei smart phones with software of NXT-TL00C01B386SP01
Huawei smart phones with software of NTS-AL00C00B535
Description:
The issue is due to insufficient input validation, allowing an unauthenticated attacker to send malformed System Information (SI) messages to the smart phone within radio range using a special wireless device. Successful exploitation could cause the smart phone to restart.
Recommendations:
For NXT-AL10C00B386, update the software to a version that addresses the insufficient input validation issue.
For NXT-CL00C92B386, update the software to a version that addresses the insufficient input validation issue.
For NXT-DL00C17B386, update the software to a version that addresses the insufficient input validation issue.
For NXT-TL00C01B386SP01, update the software to a version that addresses the insufficient input validation issue.
For NTS-AL00C00B535, update the software to a version that addresses the insufficient input validation issue.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Huawei Smartphone