CVE-2017-17172

Severity Score

7.3

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Huawei smart phones LYO-L21 with software LYO-L21C479B107, LYO-L21C479B107 have a privilege escalation vulnerability. An authenticated, local attacker can crafts malformed packets after tricking a user to install a malicious application and exploit this vulnerability when in the exception handling process. Successful exploitation may cause the attacker to obtain a higher privilege of the smart phones.

Los smartphones Huawei LYO-L21 con software en versiones LYO-L21C479B107 y LYO-L21C479B107 tienen una vulnerabilidad de escalado de privilegios. Un atacante local autenticado puede manipular paquetes mal formados tras engañar a un usuario para que instale una aplicación maliciosa y explotar esta vulnerabilidad mientras se está en el proceso de gestión de excepciones. La explotación exitosa de esta vulnerabilidad podría provocar que el atacante obtenga privilegios mayores en el smartphone.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-12-04 CVE Reserved
2018-06-14 CVE Published
2023-03-08 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-755: Improper Handling of Exceptional Conditions

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180613-01-smartphone-en	2019-10-03

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Huawei Search vendor "Huawei"	Lyo-l21 Search vendor "Huawei" for product "Lyo-l21"	*	-	Affected	in	Huawei Search vendor "Huawei"	Lyo-l21 Firmware Search vendor "Huawei" for product "Lyo-l21 Firmware"	lyo-l21c479b107 Search vendor "Huawei" for product "Lyo-l21 Firmware" and version "lyo-l21c479b107"	-	Safe
Huawei Search vendor "Huawei"	Lyo-l21 Search vendor "Huawei" for product "Lyo-l21"	*	-	Affected	in	Huawei Search vendor "Huawei"	Lyo-l21 Firmware Search vendor "Huawei" for product "Lyo-l21 Firmware"	lyo-l21c577b126 Search vendor "Huawei" for product "Lyo-l21 Firmware" and version "lyo-l21c577b126"	-	Safe