var-201711-0240
Vulnerability from variot
Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution. Huawei P10 Plus and P10 Smartphone software contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiVicky-AL00A/Victoria-AL00A is Huawei's smartphone. There are multiple local buffer overflow vulnerabilities in Huawei smartphones because it does not perform proper boundary checking on user-supplied input. Local vulnerabilities can exploit these vulnerabilities to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0240",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "p10 plus",
"scope": "lt",
"trust": 1.8,
"vendor": "huawei",
"version": "vky-al00c00b123"
},
{
"model": "p10",
"scope": "lt",
"trust": 1.8,
"vendor": "huawei",
"version": "vtr-al00c00b123"
},
{
"model": "vicky-al00a \u003cvicky-al00ac00b123",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "victoria-al00a \u003cvictoria-al00ac00b123",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "victoria-al00a",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "vicky-al00a",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "victoria-al00ac00b123",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "vicky-al00ac00b123",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04677"
},
{
"db": "BID",
"id": "97696"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010608"
},
{
"db": "NVD",
"id": "CVE-2017-2724"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:p10_plus_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:p10_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010608"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ADLab of Venustech.",
"sources": [
{
"db": "BID",
"id": "97696"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-962"
}
],
"trust": 0.9
},
"cve": "CVE-2017-2724",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2017-2724",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-04677",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"id": "CVE-2017-2724",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-2724",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-2724",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-04677",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-962",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2017-2724",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04677"
},
{
"db": "VULMON",
"id": "CVE-2017-2724"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010608"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-962"
},
{
"db": "NVD",
"id": "CVE-2017-2724"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution. Huawei P10 Plus and P10 Smartphone software contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiVicky-AL00A/Victoria-AL00A is Huawei\u0027s smartphone. There are multiple local buffer overflow vulnerabilities in Huawei smartphones because it does not perform proper boundary checking on user-supplied input. Local vulnerabilities can exploit these vulnerabilities to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2724"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010608"
},
{
"db": "CNVD",
"id": "CNVD-2017-04677"
},
{
"db": "BID",
"id": "97696"
},
{
"db": "VULMON",
"id": "CVE-2017-2724"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2724",
"trust": 3.4
},
{
"db": "BID",
"id": "97696",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010608",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-04677",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201704-962",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2017-2724",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04677"
},
{
"db": "VULMON",
"id": "CVE-2017-2724"
},
{
"db": "BID",
"id": "97696"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010608"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-962"
},
{
"db": "NVD",
"id": "CVE-2017-2724"
}
]
},
"id": "VAR-201711-0240",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04677"
}
],
"trust": 1.2523158075
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04677"
}
]
},
"last_update_date": "2024-11-23T22:12:48.151000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20170405-01-smartphone",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en"
},
{
"title": "There are multiple buffer overflow vulnerabilities in Huawei\u0027s mobile Bastet component.",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/92017"
},
{
"title": "Huawei Vicky-AL00A and Victoria-AL00A Bastet Fix for component buffer error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75149"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04677"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010608"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-962"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010608"
},
{
"db": "NVD",
"id": "CVE-2017-2724"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/97696"
},
{
"trust": 1.7,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2724"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2724"
},
{
"trust": 0.6,
"url": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170405-01-smartphone-cn"
},
{
"trust": 0.3,
"url": "http://www.huawei.com"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170405-01-smartphone-en"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04677"
},
{
"db": "VULMON",
"id": "CVE-2017-2724"
},
{
"db": "BID",
"id": "97696"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010608"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-962"
},
{
"db": "NVD",
"id": "CVE-2017-2724"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-04677"
},
{
"db": "VULMON",
"id": "CVE-2017-2724"
},
{
"db": "BID",
"id": "97696"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010608"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-962"
},
{
"db": "NVD",
"id": "CVE-2017-2724"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04677"
},
{
"date": "2017-11-22T00:00:00",
"db": "VULMON",
"id": "CVE-2017-2724"
},
{
"date": "2017-04-05T00:00:00",
"db": "BID",
"id": "97696"
},
{
"date": "2017-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010608"
},
{
"date": "2017-04-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-962"
},
{
"date": "2017-11-22T19:29:01.507000",
"db": "NVD",
"id": "CVE-2017-2724"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04677"
},
{
"date": "2017-12-08T00:00:00",
"db": "VULMON",
"id": "CVE-2017-2724"
},
{
"date": "2017-04-18T00:07:00",
"db": "BID",
"id": "97696"
},
{
"date": "2017-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010608"
},
{
"date": "2017-12-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-962"
},
{
"date": "2024-11-21T03:24:03.457000",
"db": "NVD",
"id": "CVE-2017-2724"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-962"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei P10 Plus and P10 Buffer error vulnerability in smartphone software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010608"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-962"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.