Sign-up

ID

VAR-201704-0501


CVE

CVE-2016-8769


TITLE

Huawei UTPS Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2016-008265

DESCRIPTION

Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file in the search path of the affected service and obtain elevated privileges after the executable file is executed. Huawei UTPS Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Huawei UTPS is prone to a local privilege-escalation vulnerability. Local attackers may exploit this issue to execute arbitrary code with elevated privileges. Huawei Unified Terminal PC suite (UTPS) is a data card management application software run on a PC by Huawei, China. There is a privilege escalation vulnerability in versions earlier than Huawei UTPS V200R003B015D16SPC00C983

Trust: 1.98

sources: NVD: CVE-2016-8769 // JVNDB: JVNDB-2016-008265 // BID: 94403 // VULHUB: VHN-97589

AFFECTED PRODUCTS

vendor:huaweimodel:utpsscope:lteversion:v200r003b015d15sp00c983

Trust: 1.0

vendor:huaweimodel:utpsscope:ltversion:utps-v200r003b015d16spc00c983

Trust: 0.8

vendor:huaweimodel:utpsscope:eqversion:v200r003b015d15sp00c983

Trust: 0.6

vendor:huaweimodel:utpsscope:eqversion:0

Trust: 0.3

vendor:huaweimodel:utps v200r003b015d16spc00scope:neversion: -

Trust: 0.3

sources: BID: 94403 // JVNDB: JVNDB-2016-008265 // CNNVD: CNNVD-201611-471 // NVD: CVE-2016-8769

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-8769
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-8769
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201611-471
value: MEDIUM

Trust: 0.6

VULHUB: VHN-97589
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-8769
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-97589
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-8769
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2016-8769
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-97589 // JVNDB: JVNDB-2016-008265 // CNNVD: CNNVD-201611-471 // NVD: CVE-2016-8769

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-97589 // JVNDB: JVNDB-2016-008265 // NVD: CVE-2016-8769

THREAT TYPE

local

Trust: 0.9

sources: BID: 94403 // CNNVD: CNNVD-201611-471

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201611-471

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-008265

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-97589

PATCH
title:huawei-sa-20161116-01-utpsurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-utps-en
Trust: 0.8
title:Huawei Unified Terminal PC suite Repair measures for privilege escalationurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65809
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-008265 // 
            
            
            
            CNNVD: CNNVD-201611-471

EXTERNAL IDS
db:NVDid:CVE-2016-8769
Trust: 2.8
db:BIDid:94403
Trust: 2.0
db:EXPLOIT-DBid:40807
Trust: 1.7
db:JVNDBid:JVNDB-2016-008265
Trust: 0.8
db:CNNVDid:CNNVD-201611-471
Trust: 0.7
db:PACKETSTORMid:139868
Trust: 0.1
db:VULHUBid:VHN-97589
Trust: 0.1
sources:
            
            
            VULHUB: VHN-97589 // 
            
            
            
            BID: 94403 // 
            
            
            
            JVNDB: JVNDB-2016-008265 // 
            
            
            
            CNNVD: CNNVD-201611-471 // 
            
            
            
            NVD: CVE-2016-8769

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-utps-en
Trust: 2.0
url:http://www.securityfocus.com/bid/94403
Trust: 1.7
url:https://www.exploit-db.com/exploits/40807/
Trust: 1.7
url:http://www.security-geek.in/2017/02/07/0day-discovery-system-level-access-by-privilege-escalation-of-huawei-manufactured-airtel-photon-dongles/
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8769
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-8769
Trust: 0.8
url:http://www.huawei.com
Trust: 0.3
sources:
            
            
            VULHUB: VHN-97589 // 
            
            
            
            BID: 94403 // 
            
            
            
            JVNDB: JVNDB-2016-008265 // 
            
            
            
            CNNVD: CNNVD-201611-471 // 
            
            
            
            NVD: CVE-2016-8769

CREDITS
Dhruv Shah
Trust: 0.9
sources:
            
            
            BID: 94403 // 
            
            
            
            CNNVD: CNNVD-201611-471

SOURCES
db:VULHUBid:VHN-97589
db:BIDid:94403
db:JVNDBid:JVNDB-2016-008265
db:CNNVDid:CNNVD-201611-471
db:NVDid:CVE-2016-8769

LAST UPDATE DATE
2024-11-23T22:22:34.383000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-97589date:2017-09-03T00:00:00
db:BIDid:94403date:2016-11-24T01:12:00
db:JVNDBid:JVNDB-2016-008265date:2017-05-09T00:00:00
db:CNNVDid:CNNVD-201611-471date:2021-08-30T00:00:00
db:NVDid:CVE-2016-8769date:2024-11-21T03:00:01.440

SOURCES RELEASE DATE
db:VULHUBid:VHN-97589date:2017-04-02T00:00:00
db:BIDid:94403date:2016-11-16T00:00:00
db:JVNDBid:JVNDB-2016-008265date:2017-05-09T00:00:00
db:CNNVDid:CNNVD-201611-471date:2016-11-23T00:00:00
db:NVDid:CVE-2016-8769date:2017-04-02T20:59:01.390