Vulnerabilities > CVE-2017-17306 - Out-of-bounds Read vulnerability in Huawei Vns-L21 Firmware

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

huawei

CWE-125

NVD

Published: 2018-03-20

Updated: 2018-04-17

Summary

Some Huawei Smartphones with software of VNS-L21AUTC555B141, VNS-L21C10B160, VNS-L21C66B160, VNS-L21C703B140 have an array out-of-bounds read vulnerability. Due to the lack verification of array, an attacker tricks a user into installing a malicious application, and the application can exploit the vulnerability and make attacker to read out of bounds of array and possibly cause the device abnormal.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei VNS L21 Firmware Vns-L21Autc555B141 Huawei VNS L21 Firmware Vns-L21C10B160 Huawei VNS L21 Firmware Vns-L21C66B160 Huawei VNS L21 Firmware Vns-L21C703B140	4
Hardware	Huawei Huawei VNS L21 -	1

Common Weakness Enumeration (CWE)

CWE-125 - Out-of-bounds Read

Common Attack Pattern Enumeration and Classification (CAPEC)

Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180314-01-arrayover-en