var-201711-1018
Vulnerability from variot
The Bastet Driver of Nova 2 Plus,Nova 2 Huawei smart phones with software of Versions earlier than BAC-AL00C00B173,Versions earlier than PIC-AL00C00B173 has a use after free (UAF) vulnerability. An attacker can convince a user to install a malicious application which has a high privilege to exploit this vulnerability, Successful exploitation may cause arbitrary code execution. Huawei Nova 2 Plus and Nova 2 Smartphone software contains a vulnerability related to the use of freed memory.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Nova2 and Nova2Plus are smartphone devices from China's Huawei company. The UseAfterFree (UAF) security vulnerability exists in the Bastet driver of HuaweiNova2 and Nova2Plus. Huawei Smart Phones are prone to a remote code-execution vulnerability. Failed exploit attempts will likely cause a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-1018",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nova 2 plus",
"scope": "lt",
"trust": 1.8,
"vendor": "huawei",
"version": "bac-al00c00b173"
},
{
"model": "nova 2",
"scope": "lt",
"trust": 1.8,
"vendor": "huawei",
"version": "pic-al00c00b173"
},
{
"model": "nova \u003c=pic-al00c00b173",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "2"
},
{
"model": "nova plus \u003c=bac-al00c00b173",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "2"
},
{
"model": "nova plus",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "20"
},
{
"model": "nova",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "20"
},
{
"model": "nova plus bac-al00c00b173",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": "2"
},
{
"model": "nova pic-al00c00b173",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": "2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-34798"
},
{
"db": "BID",
"id": "101960"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010740"
},
{
"db": "NVD",
"id": "CVE-2017-8203"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:nova_2_plus_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:nova_2_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010740"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yonggang Guo",
"sources": [
{
"db": "BID",
"id": "101960"
}
],
"trust": 0.3
},
"cve": "CVE-2017-8203",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-8203",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-34798",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2017-8203",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-8203",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-8203",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-34798",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-935",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-34798"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010740"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-935"
},
{
"db": "NVD",
"id": "CVE-2017-8203"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Bastet Driver of Nova 2 Plus,Nova 2 Huawei smart phones with software of Versions earlier than BAC-AL00C00B173,Versions earlier than PIC-AL00C00B173 has a use after free (UAF) vulnerability. An attacker can convince a user to install a malicious application which has a high privilege to exploit this vulnerability, Successful exploitation may cause arbitrary code execution. Huawei Nova 2 Plus and Nova 2 Smartphone software contains a vulnerability related to the use of freed memory.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Nova2 and Nova2Plus are smartphone devices from China\u0027s Huawei company. The UseAfterFree (UAF) security vulnerability exists in the Bastet driver of HuaweiNova2 and Nova2Plus. Huawei Smart Phones are prone to a remote code-execution vulnerability. Failed exploit attempts will likely cause a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-8203"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010740"
},
{
"db": "CNVD",
"id": "CNVD-2017-34798"
},
{
"db": "BID",
"id": "101960"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-8203",
"trust": 3.3
},
{
"db": "BID",
"id": "101960",
"trust": 1.3
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010740",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-34798",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201711-935",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-34798"
},
{
"db": "BID",
"id": "101960"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010740"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-935"
},
{
"db": "NVD",
"id": "CVE-2017-8203"
}
]
},
"id": "VAR-201711-1018",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-34798"
}
],
"trust": 1.1587412549999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-34798"
}
]
},
"last_update_date": "2024-11-23T23:05:16.633000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20170927-01-smartphone",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170927-01-smartphone-en"
},
{
"title": "HuaweiNova2Bastet driver privilege escalation vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/106544"
},
{
"title": "Huawei Nova 2 and Nova 2 Plus Bastet Driver security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76645"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-34798"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010740"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-935"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010740"
},
{
"db": "NVD",
"id": "CVE-2017-8203"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170927-01-smartphone-en"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/101960"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8203"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-8203"
},
{
"trust": 0.6,
"url": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170927-01-smartphone-cn"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-34798"
},
{
"db": "BID",
"id": "101960"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010740"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-935"
},
{
"db": "NVD",
"id": "CVE-2017-8203"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-34798"
},
{
"db": "BID",
"id": "101960"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010740"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-935"
},
{
"db": "NVD",
"id": "CVE-2017-8203"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-34798"
},
{
"date": "2017-09-27T00:00:00",
"db": "BID",
"id": "101960"
},
{
"date": "2017-12-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010740"
},
{
"date": "2017-11-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-935"
},
{
"date": "2017-11-22T19:29:05.117000",
"db": "NVD",
"id": "CVE-2017-8203"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-34798"
},
{
"date": "2017-12-19T22:37:00",
"db": "BID",
"id": "101960"
},
{
"date": "2017-12-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010740"
},
{
"date": "2017-11-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-935"
},
{
"date": "2024-11-21T03:33:31.720000",
"db": "NVD",
"id": "CVE-2017-8203"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-935"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei Nova 2 Plus and Nova 2 Vulnerability related to the use of released memory in smartphone software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010740"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-935"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.