Vulnerabilites related to huawei - agassi-w09hn_firmware
Vulnerability from fkie_nvd
Published
2017-11-22 19:29
Modified
2024-11-21 03:33
Severity ?
Summary
Some Huawei smartphones with software AGS-L09C233B019,AGS-W09C233B019,KOB-L09C233B017,KOB-W09C233B012 have a type confusion vulnerability. The program initializes a variable using one type, but it later accesses that variable using a type that is different with the original type when do certain register operation. Successful exploit could result in buffer overflow then may cause malicious code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | agassi-l09hn_firmware | ags-l09c233b019 | |
| huawei | agassi-l09hn | - | |
| huawei | agassi-w09hn_firmware | ags-w09c233b019 | |
| huawei | agassi-w09hn | - | |
| huawei | kobe-l09ahn_firmware | kob-l09c233b017 | |
| huawei | kobe-l09ahn | - | |
| huawei | kobe-w09chn_firmware | kob-w09c233b012 | |
| huawei | kobe-w09chn | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:agassi-l09hn_firmware:ags-l09c233b019:*:*:*:*:*:*:*",
"matchCriteriaId": "9C80E3F6-CAAB-4E42-A263-C3B133040FE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:agassi-l09hn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3498A696-E831-453C-ABCE-77A9908E96F6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:agassi-w09hn_firmware:ags-w09c233b019:*:*:*:*:*:*:*",
"matchCriteriaId": "AE8DE54A-E45A-4676-BD89-28C36DA471C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:agassi-w09hn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF342830-41FF-4E16-9090-2AB68DD822A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:kobe-l09ahn_firmware:kob-l09c233b017:*:*:*:*:*:*:*",
"matchCriteriaId": "24DE753F-E19D-4F36-93E6-DFBD5BC9EF31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:kobe-l09ahn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58C4B423-90C0-4A6E-A246-1A8BB7282AC8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:kobe-w09chn_firmware:kob-w09c233b012:*:*:*:*:*:*:*",
"matchCriteriaId": "643CA10D-515D-4D24-A1A5-D31DEA91D05C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:kobe-w09chn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9CAF9F7-A010-4349-BC8B-B3D6D37C3460",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Some Huawei smartphones with software AGS-L09C233B019,AGS-W09C233B019,KOB-L09C233B017,KOB-W09C233B012 have a type confusion vulnerability. The program initializes a variable using one type, but it later accesses that variable using a type that is different with the original type when do certain register operation. Successful exploit could result in buffer overflow then may cause malicious code execution."
},
{
"lang": "es",
"value": "Algunos smartphones Huawei con software AGS-L09C233B019, AGS-W09C233B019, KOB-L09C233B017 o KOB-W09C233B012 tienen una vulnerabilidad de confusi\u00f3n de tipos. El programa inicializa una variable utilizando un tipo, pero luego accede a esa variable utilizando un tipo diferente del original cuando realiza determinadas operaciones de registro. Un exploit exitoso podr\u00eda resultar en un desbordamiento de b\u00fafer que podr\u00eda causar la ejecuci\u00f3n de c\u00f3digo malicioso."
}
],
"id": "CVE-2017-8159",
"lastModified": "2024-11-21T03:33:26.313",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-22T19:29:03.677",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171018-02-smartphone-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171018-02-smartphone-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-704"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2017-8159
Vulnerability from cvelistv5
Published
2017-11-22 19:00
Modified
2024-09-16 19:40
Severity ?
EPSS score ?
Summary
Some Huawei smartphones with software AGS-L09C233B019,AGS-W09C233B019,KOB-L09C233B017,KOB-W09C233B012 have a type confusion vulnerability. The program initializes a variable using one type, but it later accesses that variable using a type that is different with the original type when do certain register operation. Successful exploit could result in buffer overflow then may cause malicious code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171018-02-smartphone-en | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | Agassi-L09HN,Agassi-W09HN,Kobe-L09AHN,Kobe-W09CHN, |
Version: AGS-L09C233B019,AGS-W09C233B019,KOB-L09C233B017,KOB-W09C233B012 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171018-02-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Agassi-L09HN,Agassi-W09HN,Kobe-L09AHN,Kobe-W09CHN,",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "AGS-L09C233B019,AGS-W09C233B019,KOB-L09C233B017,KOB-W09C233B012"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Some Huawei smartphones with software AGS-L09C233B019,AGS-W09C233B019,KOB-L09C233B017,KOB-W09C233B012 have a type confusion vulnerability. The program initializes a variable using one type, but it later accesses that variable using a type that is different with the original type when do certain register operation. Successful exploit could result in buffer overflow then may cause malicious code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Type Confusion",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171018-02-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Agassi-L09HN,Agassi-W09HN,Kobe-L09AHN,Kobe-W09CHN,",
"version": {
"version_data": [
{
"version_value": "AGS-L09C233B019,AGS-W09C233B019,KOB-L09C233B017,KOB-W09C233B012"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some Huawei smartphones with software AGS-L09C233B019,AGS-W09C233B019,KOB-L09C233B017,KOB-W09C233B012 have a type confusion vulnerability. The program initializes a variable using one type, but it later accesses that variable using a type that is different with the original type when do certain register operation. Successful exploit could result in buffer overflow then may cause malicious code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Type Confusion"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171018-02-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171018-02-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8159",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-16T19:40:02.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}