Input Validation Flaw in P9 Plus Smartphones from Huawei
CVE-2017-2711

5.5MEDIUM

Key Information:

Vendor: McAfee
Status: P9 Plus
Vendor: CVE Published:; 22 November 2017

Summary

The P9 Plus smartphones from Huawei, running software versions earlier than VIE-AL10C00B352, are susceptible to an input validation vulnerability within the touchscreen driver. This flaw enables malicious actors to potentially exploit the device by tricking users into installing harmful applications. Once compromised, the attacker can manipulate specific parameters, resulting in a system crash and compromising the phone's functionality.

Affected Version(s)

P9 Plus Earlier than VIE-AL10C00B352 versions

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/95663

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2017
Vulnerability Reserved
Dec 1, 2016