How severe is CVE-2017-17158?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2017-17158?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2017-17158

MEDIUM Year: 2017

CVSS v3 Score

4.6

Medium

CVSS v2 Score

2.1

Low

Weakness Type

CWE-20

View all →

Vulnerability Description

Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before Prague-TL00AC01B223 have an information exposure vulnerability. When the user's smart phone connects to the malicious device for charging, an unauthenticated attacker may activate some specific function by sending some specially crafted messages. Due to insufficient input validation of the messages, successful exploit may cause information exposure.

CVE-2015-6839

MEDIUM

CVSS:4.6(Medium)

The parse function in MSA vot.Ar 3.1 does not check whether a candidate receives more than one vote, which allows physically proximate attackers to cast multiple votes for a candidate via a crafted RF...

CWE-202015

CVE-2016-11040

MEDIUM

CVSS:4.6(Medium)

An issue was discovered on Samsung mobile devices with L(5.0/5.1) (with USB OTG MyFile2014_L_ESS support) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2015-5068 (J...

CWE-202016

CVE-2016-11048

MEDIUM

CVSS:4.6(Medium)

An issue was discovered on Samsung mobile devices with L(5.0/5.1) (Spreadtrum or Marvell chipsets) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2016-5421 (March 20...

CWE-202016

CVE-2016-11053

MEDIUM

CVSS:4.6(Medium)

An issue was discovered on Samsung mobile devices with software through 2015-11-11 (supporting FRP/RL). There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2015-5131 (January 2016)...

CWE-202016

CVE-2017-5695

MEDIUM

CVSS:4.6(Medium)

Data corruption vulnerability in firmware in Intel Solid-State Drive Consumer, Professional, Embedded, Data Center affected firmware versions LSBG200, LSF031C, LSF036C, LBF010C, LSBG100, LSF031C, LSF0...

CWE-202017

CVE-2018-12188

MEDIUM

CVSS:4.6(Medium)

Insufficient input validation in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before version 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially modify ...

CWE-202018

CVE-2017-17158

Vulnerability Description

Related Vulnerabilities

CVE-2015-6839

CVE-2016-11040

CVE-2016-11048

CVE-2016-11053

CVE-2017-5695

CVE-2018-12188