CVE-2017-8202

Published Nov 22, 2017

Last updated 7 years ago

CVSS medium 5.5

Overview

Description: The CameraISP driver of some Huawei smart phones with software of versions earlier than Prague-AL00AC00B205,versions earlier than Prague-AL00BC00B205,versions earlier than Prague-AL00CC00B205,versions earlier than Prague-TL00AC01B205,versions earlier than Prague-TL10AC01B205 has a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP, the APP can send a specific parameter to the CameraISP driver of the smart phone, causing system reboot.
Source: psirt@huawei.com
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 7.1
Impact score: 6.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:N/A:C

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:prague-al00a_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0BBFB499-51B9-4AE4-980E-79A00FB0D1B7",
            "versionEndExcluding": "prague-al00ac00b205"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:prague-al00a:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "04E54AE0-CB98-47D2-AF52-516EADEF1F5D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:prague-al00b_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0FDB5A5-E2FA-49D9-A90A-5610E80FC52E",
            "versionEndExcluding": "prague-al00bc00b205"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:prague-al00b:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DA3C5A77-355C-4797-8B3F-706C9A7C2F1C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:prague-al00c_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB9A057F-E073-49CE-B5C8-8AB6C1D86E0F",
            "versionEndExcluding": "prague-al00cc00b205"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:prague-al00c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "05BB6D0A-0545-456D-85CC-9A302BAC9A0E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:prague-tl00a_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13716CDC-BF66-441C-B9AC-2E0DE386F850",
            "versionEndExcluding": "prague-tl00ac01b205"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:prague-tl00a:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "338F548C-DA7E-4EA4-9D54-7DDF1D5F99B4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:prague-tl10a_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6514DCDB-A643-4270-88D9-5464CAD82D77",
            "versionEndExcluding": "prague-tl10ac01b205"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:prague-tl10a:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F248688D-F679-42E9-BAA4-34187D5EC5F0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References