What is the vulnerability ID?

The vulnerability ID is CVE-2017-17172.

How severe is CVE-2017-17172?

The severity of CVE-2017-17172 is high with a severity value of 7.3.

Is there a fix available for CVE-2017-17172?

To mitigate CVE-2017-17172, users should update their Huawei smart phones LYO-L21 software to LYO-L21C479B107 or a later version, as advised by Huawei's security advisory.

Vulnerability/
CVE-2017-17172

high

7.3

CWE

755

14/6/2018

3/10/2019

CVE-2017-17172

First published: Thu Jun 14 2018(Updated: )

Huawei smart phones LYO-L21 with software LYO-L21C479B107, LYO-L21C479B107 have a privilege escalation vulnerability. An authenticated, local attacker can crafts malformed packets after tricking a user to install a malicious application and exploit this vulnerability when in the exception handling process. Successful exploitation may cause the attacker to obtain a higher privilege of the smart phones.

Credit: psirt@huawei.com

Affected Software	Affected Version	How to fix
Huawei Lyo-l21
Huawei Lyo-l21 Firmware	=lyo-l21c479b107
Huawei Lyo-l21 Firmware	=lyo-l21c577b126

Never miss a vulnerability like this again

Reference Links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180613-01-smartphone-en

Frequently Asked Questions

What is the vulnerability ID?
The vulnerability ID is CVE-2017-17172.
What is the title of the vulnerability?
The title of the vulnerability is 'Huawei smart phones LYO-L21 with software LYO-L21C479B107 LYO-L21C479B107 have a privilege escalation vulnerability.'
How severe is CVE-2017-17172?
The severity of CVE-2017-17172 is high with a severity value of 7.3.
How can an attacker exploit CVE-2017-17172?
An authenticated, local attacker can exploit CVE-2017-17172 by crafting malformed packets after tricking a user to install a malicious application and exploiting this vulnerability when in the exception handling.
Is there a fix available for CVE-2017-17172?
To mitigate CVE-2017-17172, users should update their Huawei smart phones LYO-L21 software to LYO-L21C479B107 or a later version, as advised by Huawei's security advisory.

collector/nvd-index
agent/severity
agent/author
agent/references
agent/weakness
agent/tags
agent/description
agent/type
agent/event
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
vendor/huawei
canonical/huawei lyo-l21
canonical/huawei lyo-l21 firmware
version/huawei lyo-l21 firmware/lyo-l21c479b107
version/huawei lyo-l21 firmware/lyo-l21c577b126

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.