Resource Exhaustion Vulnerability in Huawei Smartphones
CVE-2017-8144

5.5MEDIUM

Key Information:

Vendor: McAfee
Status: Honor 5a,honor 8 Lite,mate9,mate9 Pro,p10,p10 Plus
Vendor: CVE Published:; 22 November 2017

Summary

A resource exhaustion vulnerability exists in Huawei smartphones that allows an attacker to exploit a configuration setting. By tricking a user into installing a malicious application, the app can activate the device's flashlight continuously, leading to rapid battery depletion. It affects various models such as the Honor 5A, Honor 8 Lite, Mate9 series, and P10 series. The issue underscores the importance of caution when installing apps and underscores the need for timely software updates.

Affected Version(s)

Honor 5A,Honor 8 Lite,Mate9,Mate9 Pro,P10,P10 Plus The versions before CAM-L03C605B143CUSTC605D003,The versions before Prague-L03C605B161,The versions before Prague-L23C605B160,The versions before MHA-AL00C00B225,The versions before LON-AL00C00B225,The versions before VTR-AL00C00B167,The versions before VTR-TL00C01B167,The versions before VKY-AL00C00B167,The versions before VKY-TL00C01B167

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2017
Vulnerability Reserved
Apr 25, 2017