CVE-2017-2729
Severity Score
7.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The boot loaders in Honor 5A smart phones with software Versions earlier than CAM-TL00C01B193,Versions earlier than CAM-TL00HC00B193,Versions earlier than CAM-UL00C00B193 have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution.
Los cargadores de arranque en smartphones Honor 5A con versiones de software anteriores a CAM-TL00C01B193, CAM-TL00HC00B193 y CAM-UL00C00B193 tienen una vulnerabilidad de desbordamiento de búfer. Un atacante con el privilegio root de un sistema Android podría engañar a un usuario para que instale una APP maliciosa. La APP puede modificar datos concretos para provocar un desbordamiento de búfer en el siguiente reinicio del sistema, provocando el reinicio continuo del sistema o la ejecución arbitraria de código.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-12-01 CVE Reserved
- 2017-11-22 CVE Published
- 2024-06-18 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/96526 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170302-01-smartphone-en | 2017-12-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Huawei Search vendor "Huawei" | Honor 5a Firmware Search vendor "Huawei" for product "Honor 5a Firmware" | < cam-tl00c01b193 Search vendor "Huawei" for product "Honor 5a Firmware" and version " < cam-tl00c01b193" | - |
Affected
| in | Huawei Search vendor "Huawei" | Honor 5a Search vendor "Huawei" for product "Honor 5a" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | Honor 5a Firmware Search vendor "Huawei" for product "Honor 5a Firmware" | < cam-tl00hc00b193 Search vendor "Huawei" for product "Honor 5a Firmware" and version " < cam-tl00hc00b193" | - |
Affected
| in | Huawei Search vendor "Huawei" | Honor 5a Search vendor "Huawei" for product "Honor 5a" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | Honor 5a Firmware Search vendor "Huawei" for product "Honor 5a Firmware" | < cam-ul00c00b193 Search vendor "Huawei" for product "Honor 5a Firmware" and version " < cam-ul00c00b193" | - |
Affected
| in | Huawei Search vendor "Huawei" | Honor 5a Search vendor "Huawei" for product "Honor 5a" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | P8 Lite Firmware Search vendor "Huawei" for product "P8 Lite Firmware" | < ale-l02c635b568 Search vendor "Huawei" for product "P8 Lite Firmware" and version " < ale-l02c635b568" | - |
Affected
| in | Huawei Search vendor "Huawei" | P8 Lite Search vendor "Huawei" for product "P8 Lite" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | P8 Lite Firmware Search vendor "Huawei" for product "P8 Lite Firmware" | < ale-l21c10b541 Search vendor "Huawei" for product "P8 Lite Firmware" and version " < ale-l21c10b541" | - |
Affected
| in | Huawei Search vendor "Huawei" | P8 Lite Search vendor "Huawei" for product "P8 Lite" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | P8 Lite Firmware Search vendor "Huawei" for product "P8 Lite Firmware" | < ale-l21c185b568 Search vendor "Huawei" for product "P8 Lite Firmware" and version " < ale-l21c185b568" | - |
Affected
| in | Huawei Search vendor "Huawei" | P8 Lite Search vendor "Huawei" for product "P8 Lite" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | P8 Lite Firmware Search vendor "Huawei" for product "P8 Lite Firmware" | < ale-l21c432b596 Search vendor "Huawei" for product "P8 Lite Firmware" and version " < ale-l21c432b596" | - |
Affected
| in | Huawei Search vendor "Huawei" | P8 Lite Search vendor "Huawei" for product "P8 Lite" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | P8 Lite Firmware Search vendor "Huawei" for product "P8 Lite Firmware" | < ale-l21c464b595 Search vendor "Huawei" for product "P8 Lite Firmware" and version " < ale-l21c464b595" | - |
Affected
| in | Huawei Search vendor "Huawei" | P8 Lite Search vendor "Huawei" for product "P8 Lite" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | P8 Lite Firmware Search vendor "Huawei" for product "P8 Lite Firmware" | < ale-l21c636b568 Search vendor "Huawei" for product "P8 Lite Firmware" and version " < ale-l21c636b568" | - |
Affected
| in | Huawei Search vendor "Huawei" | P8 Lite Search vendor "Huawei" for product "P8 Lite" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | P8 Lite Firmware Search vendor "Huawei" for product "P8 Lite Firmware" | < ale-l23c605b535 Search vendor "Huawei" for product "P8 Lite Firmware" and version " < ale-l23c605b535" | - |
Affected
| in | Huawei Search vendor "Huawei" | P8 Lite Search vendor "Huawei" for product "P8 Lite" | - | - |
Safe
|