var-201810-0047
Vulnerability from variot
The hardware security module of Mate 9 and Mate 9 Pro Huawei smart phones with the versions earlier before MHA-AL00BC00B156, versions earlier before MHA-CL00BC00B156, versions earlier before MHA-DL00BC00B156, versions earlier before MHA-TL00BC00B156, versions earlier before LON-AL00BC00B156, versions earlier before LON-CL00BC00B156, versions earlier before LON-DL00BC00B156, versions earlier before LON-TL00BC00B156 has a arbitrary memory read/write vulnerability due to the input parameters validation. An attacker with the root privilege of the Android system could exploit this vulnerability to read and write memory data anywhere or execute arbitrary code in the TrustZone. Huawei Mate 9 and Mate 9 Pro Smartphones have vulnerabilities related to authorization, authority, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiMate9 and Mate9Pro are both Huawei's smartphone products. The vulnerability is due to insufficient input verification in the hardware security module of some Huawei phones. The Huawei Mate 9 and Mate 9 Pro are smartphones from the Chinese company Huawei
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0047",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mate 9 pro",
"scope": "lt",
"trust": 1.8,
"vendor": "huawei",
"version": "lon-al00bc00b156"
},
{
"model": "mate 9 pro",
"scope": "lt",
"trust": 1.8,
"vendor": "huawei",
"version": "lon-cl00bc00b156"
},
{
"model": "mate 9 pro",
"scope": "lt",
"trust": 1.8,
"vendor": "huawei",
"version": "lon-dl00bc00b156"
},
{
"model": "mate 9 pro",
"scope": "lt",
"trust": 1.8,
"vendor": "huawei",
"version": "lon-tl00bc00b156"
},
{
"model": "mate 9",
"scope": "lt",
"trust": 1.8,
"vendor": "huawei",
"version": "mha-al00bc00b156"
},
{
"model": "mate 9",
"scope": "lt",
"trust": 1.8,
"vendor": "huawei",
"version": "mha-cl00bc00b156"
},
{
"model": "mate 9",
"scope": "lt",
"trust": 1.8,
"vendor": "huawei",
"version": "mha-dl00bc00b156"
},
{
"model": "mate 9",
"scope": "lt",
"trust": 1.8,
"vendor": "huawei",
"version": "mha-tl00bc00b156"
},
{
"model": "mate \u003cmha-al00bc00b156",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "9"
},
{
"model": "mate \u003cmha-cl00bc00b156",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "9"
},
{
"model": "mate \u003cmha-dl00bc00b156",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "9"
},
{
"model": "mate \u003cmha-tl00bc00b156",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "9"
},
{
"model": "mate pro \u003clon-al00bc00b156",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "9"
},
{
"model": "mate pro \u003clon-cl00bc00b156",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "9"
},
{
"model": "mate pro \u003clon-dl00bc00b156",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "9"
},
{
"model": "mate pro \u003clon-tl00bc00b156",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "9"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20883"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014321"
},
{
"db": "NVD",
"id": "CVE-2017-17176"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:mate_9_pro_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:mate_9_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014321"
}
]
},
"cve": "CVE-2017-17176",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-17176",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-20883",
"impactScore": 9.5,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-108172",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2017-17176",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-17176",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-17176",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-20883",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-929",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-108172",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20883"
},
{
"db": "VULHUB",
"id": "VHN-108172"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014321"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-929"
},
{
"db": "NVD",
"id": "CVE-2017-17176"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The hardware security module of Mate 9 and Mate 9 Pro Huawei smart phones with the versions earlier before MHA-AL00BC00B156, versions earlier before MHA-CL00BC00B156, versions earlier before MHA-DL00BC00B156, versions earlier before MHA-TL00BC00B156, versions earlier before LON-AL00BC00B156, versions earlier before LON-CL00BC00B156, versions earlier before LON-DL00BC00B156, versions earlier before LON-TL00BC00B156 has a arbitrary memory read/write vulnerability due to the input parameters validation. An attacker with the root privilege of the Android system could exploit this vulnerability to read and write memory data anywhere or execute arbitrary code in the TrustZone. Huawei Mate 9 and Mate 9 Pro Smartphones have vulnerabilities related to authorization, authority, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiMate9 and Mate9Pro are both Huawei\u0027s smartphone products. The vulnerability is due to insufficient input verification in the hardware security module of some Huawei phones. The Huawei Mate 9 and Mate 9 Pro are smartphones from the Chinese company Huawei",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17176"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014321"
},
{
"db": "CNVD",
"id": "CNVD-2018-20883"
},
{
"db": "VULHUB",
"id": "VHN-108172"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-17176",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014321",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201712-929",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-20883",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-108172",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20883"
},
{
"db": "VULHUB",
"id": "VHN-108172"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014321"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-929"
},
{
"db": "NVD",
"id": "CVE-2017-17176"
}
]
},
"id": "VAR-201810-0047",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20883"
},
{
"db": "VULHUB",
"id": "VHN-108172"
}
],
"trust": 1.32765928
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20883"
}
]
},
"last_update_date": "2024-11-23T22:17:17.992000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20170306-01-smartphone",
"trust": 0.8,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170306-01-smartphone-en"
},
{
"title": "Patch of random memory read and write vulnerabilities for various Huawei phones",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/142309"
},
{
"title": "Huawei Mate 9 and Mate 9 Pro hardware security Repair measures for module security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85679"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20883"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014321"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-929"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108172"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014321"
},
{
"db": "NVD",
"id": "CVE-2017-17176"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170306-01-smartphone-en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17176"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17176"
},
{
"trust": 0.6,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170306-01-smartphone-cn"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20883"
},
{
"db": "VULHUB",
"id": "VHN-108172"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014321"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-929"
},
{
"db": "NVD",
"id": "CVE-2017-17176"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-20883"
},
{
"db": "VULHUB",
"id": "VHN-108172"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014321"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-929"
},
{
"db": "NVD",
"id": "CVE-2017-17176"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20883"
},
{
"date": "2018-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-108172"
},
{
"date": "2019-01-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014321"
},
{
"date": "2018-10-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-929"
},
{
"date": "2018-10-17T15:29:00.633000",
"db": "NVD",
"id": "CVE-2017-17176"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20883"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-108172"
},
{
"date": "2019-01-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014321"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-929"
},
{
"date": "2024-11-21T03:17:39.067000",
"db": "NVD",
"id": "CVE-2017-17176"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-929"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei Mate 9 and Mate 9 Pro Vulnerabilities related to authorization, authority, and access control in smartphones",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014321"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-929"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.