ID

VAR-201607-0459


CVE

CVE-2016-5821


TITLE

Huawei HiSuite vulnerability that allows gaining SYSTEM privileges

Trust: 0.8

sources: JVNDB: JVNDB-2016-003754

DESCRIPTION

Huawei HiSuite before 4.0.4.204_ove (Out of China) and before 4.0.4.301 (China) uses a weak ACL (FILE_WRITE_DATA for BUILTIN\Users) for the HiSuite service directory, which allows local users to gain SYSTEM privileges via a Trojan horse (1) SspiCli.dll or (2) USERENV.dll file or possibly other unspecified DLL files.

Huawei UTPS is prone to a local code-execution vulnerability. A local attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial of service condition. Huawei HiSuite 4.0.3.301 and prior are vulnerable.

Huawei HiSuite versions prior to 4.0.4.204_ove (Out of China) and versions prior to 4.0.4.301 (China) have a privilege escalation vulnerability. The vulnerability stems from the program using a weak ACL (FILE_WRITE_DATA for BUILTIN\Users) for the HiSuite service directory.

Trust: 1.98

sources: NVD: CVE-2016-5821 // JVNDB: JVNDB-2016-003754 // BID: 91418 // VULHUB: VHN-94640

AFFECTED PRODUCTS

vendor: huawei, model: hisuite, scope: lte, version: 4.0.3.301

Trust: 1.0

vendor: huawei, model: hisuite, scope: lt, version: 4.0.4.204_ove (out of china)

Trust: 0.8

vendor: huawei, model: hisuite, scope: lt, version: 4.0.4.301 (china)

Trust: 0.8

vendor: huawei, model: hisuite, scope: eq, version: 4.0.3.301

Trust: 0.6

sources: JVNDB: JVNDB-2016-003754 // CNNVD: CNNVD-201606-645 // NVD: CVE-2016-5821

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-5821
value: HIGH

Trust: 1.0

NVD: CVE-2016-5821
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201606-645
value: HIGH

Trust: 0.6

VULHUB: VHN-94640
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-5821
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-94640
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-5821
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-94640 // JVNDB: JVNDB-2016-003754 // CNNVD: CNNVD-201606-645 // NVD: CVE-2016-5821

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-94640 // JVNDB: JVNDB-2016-003754 // NVD: CVE-2016-5821

THREAT TYPE

local

Trust: 0.9

sources: BID: 91418 // CNNVD: CNNVD-201606-645

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201606-645

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-003754

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-94640

PATCH

title: huawei-sa-20160624-01-hisuite, url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160624-01-hisuite-en

Trust: 0.8

title: Huawei HiSuite Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62554

Trust: 0.6

sources: JVNDB: JVNDB-2016-003754 // CNNVD: CNNVD-201606-645

EXTERNAL IDS

db: NVD, id: CVE-2016-5821

Trust: 2.8

db: BID, id: 91418

Trust: 2.0

db: PACKETSTORM, id: 137733

Trust: 1.7

db: JVNDB, id: JVNDB-2016-003754

Trust: 0.8

db: CNNVD, id: CNNVD-201606-645

Trust: 0.7

db: VULHUB, id: VHN-94640

Trust: 0.1

sources: VULHUB: VHN-94640 // BID: 91418 // JVNDB: JVNDB-2016-003754 // CNNVD: CNNVD-201606-645 // NVD: CVE-2016-5821

REFERENCES

url:https://labs.bluefrostsecurity.de/advisories/bfs-sa-2016-003/

Trust: 2.5

url:http://www.securityfocus.com/bid/91418

Trust: 1.7

url:http://packetstormsecurity.com/files/137733/huawei-hisuite-for-windows-4.0.3.301-privilege-escalation.html

Trust: 1.7

url:http://www.securityfocus.com/archive/1/538797/100/0/threaded

Trust: 1.1

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160624-01-hisuite-en

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5821

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5821

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/538797/100/0/threaded

Trust: 0.6

url:http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20160624-01-hisuite-cn

Trust: 0.6

url:http://blog.rapid7.com/?p=5325

Trust: 0.3

url:http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html

Trust: 0.3

url:http://blogs.technet.com/b/msrc/archive/2010/08/21/microsoft-security-advisory-2269637-released.aspx

Trust: 0.3

url:http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx

Trust: 0.3

sources: VULHUB: VHN-94640 // BID: 91418 // JVNDB: JVNDB-2016-003754 // CNNVD: CNNVD-201606-645 // NVD: CVE-2016-5821

CREDITS

Benjamin Gnahm of Blue Frost Security

Trust: 0.6

sources: CNNVD: CNNVD-201606-645

SOURCES

db: VULHUB, id: VHN-94640
db: BID, id: 91418
db: JVNDB, id: JVNDB-2016-003754
db: CNNVD, id: CNNVD-201606-645
db: NVD, id: CVE-2016-5821

LAST UPDATE DATE

2024-11-23T22:34:49.294000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-94640, date: 2018-10-09T00:00:00
db: BID, id: 91418, date: 2016-07-06T15:12:00
db: JVNDB, id: JVNDB-2016-003754, date: 2016-07-20T00:00:00
db: CNNVD, id: CNNVD-201606-645, date: 2016-06-29T00:00:00
db: NVD, id: CVE-2016-5821, date: 2024-11-21T02:55:04.320

SOURCES RELEASE DATE

db: VULHUB, id: VHN-94640, date: 2016-07-13T00:00:00
db: BID, id: 91418, date: 2016-06-24T00:00:00
db: JVNDB, id: JVNDB-2016-003754, date: 2016-07-20T00:00:00
db: CNNVD, id: CNNVD-201606-645, date: 2016-06-29T00:00:00
db: NVD, id: CVE-2016-5821, date: 2016-07-13T15:59:09.013