Vulnerability Details CVE-2017-17140
Huawei Enjoy 5s and Y6 Pro smartphones with software the versions before TAG-AL00C92B170; the versions before TIT-L01C576B121 have an information leak vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious application on the smart phone and the application can read some sensitive information in kernel memory which may cause sensitive information leak.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.9%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
References
Products affected by CVE-2017-17140
-
cpe:2.3:h:huawei:enjoy_5s:-
-
cpe:2.3:h:huawei:y6_pro:-
-
cpe:2.3:o:huawei:enjoy_5s_firmware:*
-
cpe:2.3:o:huawei:y6_pro_firmware:-
-
cpe:2.3:o:huawei:y6_pro_firmware:9.1.0.248(c636e5r3p1)
-
cpe:2.3:o:huawei:y6_pro_firmware:tit-al00c583b214