fkie_cve-2017-2697
Vulnerability from fkie_nvd
Published
2017-11-22 19:29
Modified
2024-11-21 03:24
Severity ?
Summary
The goldeneye driver in NMO-L31C432B120 and earlier versions,NEM-L21C432B100 and earlier versions,NEM-L51C432B120 and earlier versions,KNT-AL10C746B160 and earlier versions,VNS-L21C185B142 and earlier versions,CAM-L21C10B130 and earlier versions,CAM-L21C185B141 and earlier versions has buffer overflow vulnerability. An attacker with the root privilege of the Android system can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to crash the system or escalate privilege.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | gt3_firmware | * | |
| huawei | gt3 | - | |
| huawei | honor_5c_firmware | * | |
| huawei | honor_5c | - | |
| huawei | knt_firmware | * | |
| huawei | knt | - | |
| huawei | p9_lite_firmware | * | |
| huawei | p9_lite | - | |
| huawei | y6ii_firmware | * | |
| huawei | y6ii | - | |
| huawei | honor_5c_firmware | * | |
| huawei | honor_5c | - | |
| huawei | y6ii_firmware | * | |
| huawei | y6ii | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:gt3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A664EAA-CB7E-4170-B9EA-83C958EF8657",
"versionEndIncluding": "nmo-l31c432b120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:gt3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC216CD0-0BF1-4082-820E-D597CA1C2840",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_5c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F84B142D-0AD1-4B52-829E-7F66A6D82564",
"versionEndIncluding": "nem-l51c432b120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_5c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A135A0A-CBDE-4CFB-83EC-F1169D5AE71F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:knt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD2A7EF-97FD-415E-9FBC-54A01BE9CCFF",
"versionEndIncluding": "knt-al10c746b160",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:knt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5DE4358-AFCC-4B61-9FEE-5F054C06BECC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p9_lite_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDD94F90-3A1D-4C69-9AE0-20A4729024AB",
"versionEndIncluding": "vns-l21c185b142",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p9_lite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "866C3F90-FC3B-4A9F-8BAC-83A89077F96E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:y6ii_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5F578FF-9F11-49CB-98D2-023178C1343D",
"versionEndIncluding": "cam-l21c10b130",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:y6ii:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34634B10-87F0-4BE5-A116-DD399A06611A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_5c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F84B142D-0AD1-4B52-829E-7F66A6D82564",
"versionEndIncluding": "nem-l51c432b120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_5c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A135A0A-CBDE-4CFB-83EC-F1169D5AE71F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:y6ii_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65F18D59-6FEC-4C7D-96DE-F8C54933764D",
"versionEndIncluding": "cam-l21c185b141",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:y6ii:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34634B10-87F0-4BE5-A116-DD399A06611A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The goldeneye driver in NMO-L31C432B120 and earlier versions,NEM-L21C432B100 and earlier versions,NEM-L51C432B120 and earlier versions,KNT-AL10C746B160 and earlier versions,VNS-L21C185B142 and earlier versions,CAM-L21C10B130 and earlier versions,CAM-L21C185B141 and earlier versions has buffer overflow vulnerability. An attacker with the root privilege of the Android system can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to crash the system or escalate privilege."
},
{
"lang": "es",
"value": "El controlador goldeneye en NMO-L31C432B120 y versiones anteriores; NEM-L21C432B100 y anteriores; NEM-L51C432B120 y anteriores; KNT-AL10C746B160 y anteriores; VNS-L21C185B142 y anteriores; CAM-L21C10B130 y anteriores y CAM-L21C185B141 y versiones anteriores tiene una vulnerabilidad de desbordamiento de b\u00fafer. Un atacante con el privilegio root del sistema Android puede enga\u00f1ar a un usuario para que instale una aplicaci\u00f3n maliciosa en el smartphone y enviar par\u00e1metros al smartphone para que el sistema se cierre inesperadamente o se escalen privilegios."
}
],
"id": "CVE-2017-2697",
"lastModified": "2024-11-21T03:24:00.230",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-22T19:29:00.490",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170208-02-smartphone-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170208-02-smartphone-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.