Insufficient Input Validation in HUAWEI P9 Smartphones
CVE-2017-2713

5.4MEDIUM

Key Information:

Vendor: McAfee
Status: Huawei P9
Vendor: CVE Published:; 22 November 2017

Summary

HUAWEI P9 smartphones are affected by an insufficient input validation vulnerability that could be exploited by attackers to manipulate air interface signaling messages. This could potentially allow unauthorized access to sensitive communication information. Users with versions earlier than EVA-L09C432B383, EVA-L09C636B380, VIE-L09C432B370, and VIE-L29C636B370 should consider upgrading their devices to prevent possible exploitation.

Affected Version(s)

HUAWEI P9 Versions earlier before EVA-L09C432B383, Versions earlier before EVA-L09C636B380, Versions earlier before VIE-L09C432B370, Versions earlier before VIE-L29C636B370

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2017
Vulnerability Reserved
Dec 1, 2016