Vulnerabilities > CVE-2017-17172 - Improper Handling of Exceptional Conditions vulnerability in Huawei Lyo-L21

CVSS 7.3 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

huawei

CWE-755

NVD

Published: 2018-06-14

Updated: 2019-10-03

Summary

Huawei smart phones LYO-L21 with software LYO-L21C479B107, LYO-L21C479B107 have a privilege escalation vulnerability. An authenticated, local attacker can crafts malformed packets after tricking a user to install a malicious application and exploit this vulnerability when in the exception handling process. Successful exploitation may cause the attacker to obtain a higher privilege of the smart phones.

Vulnerable Configurations

Part	Description	Count
Hardware	Huawei Huawei LYO L21 *	1
OS	Huawei Huawei LYO L21 Firmware Lyo-L21C479B107 Huawei LYO L21 Firmware Lyo-L21C577B126	2

Common Weakness Enumeration (CWE)

CWE-755 - Improper Handling of Exceptional Conditions

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180613-01-smartphone-en