Insufficient Input Validation in HUAWEI P9 Smartphones
CVE-2017-2713

5.4MEDIUM

Key Information:

Vendor: McAfee
Status: Huawei P9
Vendor: CVE Published:; 22 November 2017

What is CVE-2017-2713?

HUAWEI P9 smartphones are affected by an insufficient input validation vulnerability that could be exploited by attackers to manipulate air interface signaling messages. This could potentially allow unauthorized access to sensitive communication information. Users with versions earlier than EVA-L09C432B383, EVA-L09C636B380, VIE-L09C432B370, and VIE-L29C636B370 should consider upgrading their devices to prevent possible exploitation.

Affected Version(s)

HUAWEI P9 Versions earlier before EVA-L09C432B383, Versions earlier before EVA-L09C636B380, Versions earlier before VIE-L09C432B370, Versions earlier before VIE-L29C636B370

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 22, 2017
Vulnerability Reserved
Dec 1, 2016

McAfee

What is CVE-2017-2713?

Affected Version(s)

References

CVSS V3.1

Timeline