Vulnerability Details : CVE-2017-17319
Huawei P9 smartphones with the versions before EVA-AL10C00B399SP02 have an information disclosure vulnerability. The software does not properly protect certain resource which can be accessed by multithreading. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in kernel information disclosure.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2017-17319
Probability of exploitation activity in the next 30 days: 0.07%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 27 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2017-17319
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.1
|
HIGH | AV:N/AC:M/Au:N/C:C/I:N/A:N |
8.6
|
6.9
|
NIST |
|
5.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2017-17319
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-17319
-
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180314-01-smartphone-en
Security Advisory - Information Disclosure Vulnerability on Huawei SmartphonesVendor Advisory
Products affected by CVE-2017-17319
- cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*