Memory Access Vulnerability in Huawei Smartphones
CVE-2017-8184

5.5MEDIUM

Key Information:

Vendor: McAfee
Status: Nice-al00
Vendor: CVE Published:; 22 November 2017

Summary

A memory access vulnerability exists in certain Huawei smartphones using the MTK platform. Specifically, devices running software versions earlier than Nice-AL00C00B160 and Nice-AL10C00B140 are impacted. An attacker can exploit this vulnerability by tricking a user into installing a malicious application that sends crafted parameters, facilitating unauthorized access to sensitive information stored on the device. This could lead to serious privacy concerns for users, emphasizing the importance of keeping device software up to date.

Affected Version(s)

Nice-AL00 Earlier than Nice-AL00C00B160 versions, Earlier than Nice-AL10C00B140 versions

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2017
Vulnerability Reserved
Apr 25, 2017