Sploit.io - Search

Product: P10 Plus, P10, version: Earlier than VKY-AL00C00B123 versions, Earlier than

CVE-2017-2724

Severity: Unknown

Description: Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution.

CVSS Score: N/A

Priority

D

CISA Data

EPSS Data

  • EPSS: 0.001850000
  • Percentile: 0.403190000
  • Date: 2026-03-03

ExploitDB

No data available.

HackerOne Data

  • Rank: 8832
  • Reports submitted count: 0
  • Unknown: 0
  • None: 0
  • Low: 0
  • Medium: 0
  • High: 0
  • Critical: 0

GitHub PoCs

    Nuclei Templates

    No data available.

    VulnCheck Data

    Affected Products:

    • Huawei Technologies Co., Ltd. P10 Plus, P10 - Versions: Earlier than VKY-AL00C00B123 versions, Earlier than VTR-AL00C00B123 versions

    References:

    Risk Assessment

    1. Risk Assessment
    The vulnerability CVE-2017-2724 is a buffer overflow in the Bastet component of Huawei P10 and P10 Plus smartphones running software earlier than VKY-AL00C00B123 or VTR-AL00C00B123. The nature of the vulnerability allows an attacker, with root privilege on the Android system, to cause a buffer overflow after a user installs a malicious application. This can lead to continuous system reboots or arbitrary code execution. The business impact is potentially significant, ranging from denial of service (continuous reboots) to full compromise of the device, impacting data confidentiality, integrity, and availability. The likelihood of exploitation is moderate, requiring a user to install a malicious app, but the ease of exploitation is relatively high once the app is installed, as the buffer overflow occurs upon reboot. This vulnerability impacts the integrity and availability of the device, and potentially the confidentiality of data stored on it, depending on the attacker’s actions after exploitation. The EPSS score of 0.00185 indicates a relatively low, but not negligible, probability of exploitation.

    2. Potential Attack Scenarios
    An attacker could craft a malicious Android application that, once installed by a user, modifies specific data that triggers the buffer overflow in the Bastet component during the next system reboot. The attack vector is the installation of the malicious app, potentially through a third-party app store, a compromised website, or a social engineering attack (e.g., a phishing email with an app download link). The attack process unfolds as follows: the user installs the malicious app, the app modifies the relevant data, the user reboots their device, and the buffer overflow occurs in the Bastet component. Potential outcomes include continuous system reboots, making the phone unusable, or arbitrary code execution, allowing the attacker to install malware, steal data (contacts, photos, messages), or gain complete control of the device. The attacker could then leverage the compromised device to access corporate resources if the phone is used for work purposes or is connected to a corporate network.

    3. Mitigation Recommendations
    The primary mitigation for CVE-2017-2724 is to update the Huawei P10 or P10 Plus smartphone to a software version of VKY-AL00C00B123 or VTR-AL00C00B123 or later. Users should check for updates through the phone’s settings menu (typically under System > Software Update). Organizations providing these devices to employees should ensure timely deployment of the update. Immediate actions include encouraging users to only install apps from trusted sources like the Google Play Store and being cautious of apps requesting excessive permissions. While there isn’t a direct workaround aside from patching, users can minimize the attack surface by limiting the number of applications installed and regularly reviewing app permissions. Further information can be found in the Huawei security advisory: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en and SecurityFocus BID 97696: http://www.securityfocus.com/bid/97696.

    4. Executive Summary
    CVE-2017-2724 is a buffer overflow vulnerability affecting Huawei P10 and P10 Plus smartphones. An attacker can leverage a malicious application to trigger this vulnerability, potentially causing system crashes or gaining complete control of the device. This impacts the availability of the phone and could compromise sensitive data stored on the device. The risk is moderate, but the potential business impact – loss of productivity, data breach, or compromised corporate access – warrants prompt action. We recommend updating all affected Huawei P10 and P10 Plus devices to the latest software version (VKY-AL00C00B123 or VTR-AL00C00B123 or later) as soon as possible to mitigate the risk. Users should also practice safe app installation habits and only download apps from trusted sources. Addressing this vulnerability is crucial for maintaining device stability and protecting valuable data.

    CVE-2017-2725

    Severity: Unknown

    Description: Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution.

    CVSS Score: N/A

    Priority

    D

    CISA Data

    EPSS Data

    • EPSS: 0.001700000
    • Percentile: 0.382160000
    • Date: 2026-03-03

    ExploitDB

    No data available.

    HackerOne Data

    • Rank: 8832
    • Reports submitted count: 0
    • Unknown: 0
    • None: 0
    • Low: 0
    • Medium: 0
    • High: 0
    • Critical: 0

    GitHub PoCs

      Nuclei Templates

      No data available.

      VulnCheck Data

      Affected Products:

      • Huawei Technologies Co., Ltd. P10 Plus, P10 - Versions: Earlier than VKY-AL00C00B123 versions, Earlier than VTR-AL00C00B123 versions

      References:

      Risk Assessment

      1. Risk Assessment
      The vulnerability CVE-2017-2725 is a buffer overflow within the Bastet component of Huawei P10 and P10 Plus smartphones running software earlier than specified versions. The nature of a buffer overflow means that a malicious application, with root privileges, can write data beyond the allocated memory space, potentially overwriting critical data or executing arbitrary code. The business impact is moderate to high. A successful exploit could lead to continuous system reboots disrupting user functionality, or more critically, arbitrary code execution allowing an attacker to gain control of the device and potentially access sensitive data. The likelihood of exploitation is moderate, requiring a user to install a malicious app, but once installed, the exploit is relatively straightforward. The ease of exploitation is also moderate as it requires root privileges on the Android system. Impacts on confidentiality are possible if the attacker gains code execution and can access data stored on the device. Integrity is impacted through the modification of data leading to potential system instability or data corruption. Availability is directly impacted by the potential for continuous system reboots. The EPSS score of 0.001700000 indicates a relatively low, but present, risk.

      2. Potential Attack Scenarios
      An attacker could craft a malicious Android application and distribute it via a third-party app store or through a phishing campaign. The attacker tricks a user into installing the app. Once installed and granted root privileges, the malicious app modifies specific data within the Bastet component. This modification causes a buffer overflow when the system next reboots. The overflow overwrites critical memory locations, leading to either continuous system reboots, hindering normal phone operation, or arbitrary code execution. With arbitrary code execution, the attacker could install a backdoor, exfiltrate contacts, photos, or other sensitive data, or use the phone as part of a larger botnet. The attacker benefits from the trust the user placed in the installed application, making detection more difficult.

      3. Mitigation Recommendations
      The primary mitigation is to update the Huawei P10 and P10 Plus smartphones to software versions VKY-AL00C00B123 or later, or VTR-AL00C00B123 or later. Users should check for and install available software updates through their phone’s settings. Encourage users to only install applications from trusted sources like the Google Play Store. Implement a mobile device management (MDM) solution to centrally manage and update devices, ensuring timely patching across the organization. Consider implementing application whitelisting to control which applications can be installed on devices, reducing the risk of installing malicious apps. Huawei’s security advisory provides further details: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en. Security Focus also provides details on this vulnerability: http://www.securityfocus.com/bid/97696.

      4. Executive Summary
      CVE-2017-2725 is a buffer overflow vulnerability affecting Huawei P10 and P10 Plus smartphones. A malicious application, once installed with root privileges, can cause either continuous system reboots or allow an attacker to gain control of the device. This vulnerability could lead to data loss, disruption of service, and potential compromise of sensitive information. The most effective way to mitigate this risk is to update the phones to the latest software version. Promptly patching these devices is important to prevent potential disruptions and maintain the security of user data. Addressing this vulnerability is a key step in protecting our mobile infrastructure and ensuring business continuity.

      CVE-2017-2726

      Severity: Unknown

      Description: Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution.

      CVSS Score: N/A

      Priority

      D

      CISA Data

      EPSS Data

      • EPSS: 0.001850000
      • Percentile: 0.403190000
      • Date: 2026-03-03

      ExploitDB

      No data available.

      HackerOne Data

      • Rank: 8833
      • Reports submitted count: 0
      • Unknown: 0
      • None: 0
      • Low: 0
      • Medium: 0
      • High: 0
      • Critical: 0

      GitHub PoCs

        Nuclei Templates

        No data available.

        VulnCheck Data

        Affected Products:

        • Huawei Technologies Co., Ltd. P10 Plus, P10 - Versions: Earlier than VKY-AL00C00B123 versions, Earlier than VTR-AL00C00B123 versions

        References:

        Risk Assessment

        1. Risk Assessment
        The vulnerability CVE-2017-2726 is a buffer overflow in the Bastet component of Huawei P10 and P10 Plus smartphones running software earlier than VKY-AL00C00B123 or VTR-AL00C00B123. The nature of a buffer overflow is that it allows an attacker to potentially overwrite memory, leading to a crash, data corruption, or even arbitrary code execution. The vulnerability requires the attacker to have root privileges on the Android system and requires a user to install a malicious application. This elevates the risk slightly, as it's not a zero-click exploit. The business impact ranges from service disruption to potential data compromise, depending on the level of code execution achieved. The likelihood of exploitation is moderate, assuming a motivated attacker targets devices running older software versions. Ease of exploitation is also moderate, as it requires a malicious app to be installed, but the app can be disguised. Impacts on confidentiality are possible if the attacker gains code execution and can access sensitive data. Integrity can be compromised if the attacker modifies data in memory. Availability is impacted if the vulnerability leads to continuous system reboots or a crash. The EPSS score of 0.001850000 suggests a relatively low, but not negligible, probability of exploitation in the wild.

        2. Potential Attack Scenarios
        An attacker crafts a malicious Android application that, once installed by a user, modifies specific data so that a buffer overflow occurs in the Bastet component during the next system reboot. The attack vector is through social engineering – tricking a user into installing the malicious app, perhaps disguised as a legitimate utility or game. The attack process involves the following: 1) The user downloads and installs the malicious app. 2) The app modifies data in memory in a way that causes a buffer overflow when the Bastet component is initialized on the next reboot. 3) The overflow overwrites adjacent memory locations, potentially altering program flow. 4) The attacker can then achieve either a continuous system reboot (denial of service) or, more critically, arbitrary code execution. If code execution is achieved, the attacker can install a backdoor, steal data, or perform other malicious actions with the privileges of the Bastet component (which has root access). The potential outcome is a compromised device, with loss of data, disruption of services, or a foothold for further attacks within the network.

        3. Mitigation Recommendations
        The primary mitigation is to update the Huawei P10 or P10 Plus to the latest software version, specifically VKY-AL00C00B123 or VTR-AL00C00B123, or a later version. Users should enable automatic updates when possible. For organizations managing large fleets of devices, a phased rollout of the update is recommended to minimize disruption. In the interim, users should be cautious about installing apps from untrusted sources. Encourage users to review app permissions before installation. Consider implementing a mobile device management (MDM) solution to centrally manage and update devices. Huawei's security advisory provides further details: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en. Security Focus also has information on the vulnerability: http://www.securityfocus.com/bid/97696.

        4. Executive Summary
        Huawei P10 and P10 Plus smartphones are vulnerable to a buffer overflow in the Bastet component (CVE-2017-2726). This vulnerability could allow an attacker to cause system crashes or, more seriously, gain full control of the device after a user installs a malicious application. While the attacker needs root privileges and requires a user action (app installation), the potential impact is significant – including data theft, service disruption, and a potential foothold for further network attacks. The primary mitigation is to update devices to the latest software version. This is a moderate-risk vulnerability that should be addressed promptly, especially for devices handling sensitive data. Delaying the update increases the risk of compromise and potential business impact. Ensure all users are running the latest software version to minimize the risk.