Sign-up

ID

VAR-201711-0215


CVE

CVE-2017-2699


TITLE

plural Huawei Vulnerabilities related to authorization, authority, and access control in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-010791

DESCRIPTION

The Huawei Themes APP in versions earlier than PLK-UL00C17B385, versions earlier than CRR-L09C432B380, versions earlier than LYO-L21C577B128 has a privilege elevation vulnerability. An attacker could exploit this vulnerability to upload theme packs containing malicious files and trick users into installing the theme packets, resulting in the execution of arbitrary code. Huawei Honor 7 , Mate S ,and LYO-L21 Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Honor7 and MateS are a smartphone product from China's Huawei company. There is a privilege escalation vulnerability in the HuaweiHonor7/MateS mobile theme app. Huawei Honor 7 and Mate S are prone to a vulnerability that lets attackers upload arbitrary files

Trust: 2.52

sources: NVD: CVE-2017-2699 // JVNDB: JVNDB-2017-010791 // CNVD: CNVD-2017-01861 // BID: 96424 // VULMON: CVE-2017-2699

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-01861

AFFECTED PRODUCTS

vendor:huaweimodel:honor 7scope:ltversion:plk-ul00c17b385

Trust: 1.8

vendor:huaweimodel:lyo-l21scope:ltversion:lyo-l21c577b128

Trust: 1.8

vendor:huaweimodel:mate sscope:ltversion:crr-l09c432b380

Trust: 1.8

vendor:huaweimodel:honor <plk-ul00c17b385scope:eqversion:7

Trust: 0.6

vendor:huaweimodel:mate s <crr-l09c432b380scope: - version: -

Trust: 0.6

vendor:huaweimodel:honorscope:eqversion:70

Trust: 0.3

sources: CNVD: CNVD-2017-01861 // BID: 96424 // JVNDB: JVNDB-2017-010791 // NVD: CVE-2017-2699

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2699
value: HIGH

Trust: 1.0

NVD: CVE-2017-2699
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-01861
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201702-845
value: HIGH

Trust: 0.6

VULMON: CVE-2017-2699
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-2699
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-01861
severity: MEDIUM
baseScore: 6.1
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-2699
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-01861 // VULMON: CVE-2017-2699 // JVNDB: JVNDB-2017-010791 // CNNVD: CNNVD-201702-845 // NVD: CVE-2017-2699

PROBLEMTYPE DATA

problemtype:CWE-434

Trust: 1.0

problemtype:CWE-264

Trust: 0.8

sources: JVNDB: JVNDB-2017-010791 // NVD: CVE-2017-2699

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201702-845

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201702-845

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010791

PATCH
title:huawei-sa-20170222-01-themeurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170222-01-theme-en
Trust: 0.8
title:HuaweiHonor7/MateS mobile theme app privilege escalation vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/89665
Trust: 0.6
title:Huawei Honor 7  and Mate S Fixes for permission permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68084
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-01861 // 
            
            
            
            JVNDB: JVNDB-2017-010791 // 
            
            
            
            CNNVD: CNNVD-201702-845

EXTERNAL IDS
db:NVDid:CVE-2017-2699
Trust: 3.4
db:BIDid:96424
Trust: 2.0
db:JVNDBid:JVNDB-2017-010791
Trust: 0.8
db:CNVDid:CNVD-2017-01861
Trust: 0.6
db:CNNVDid:CNNVD-201702-845
Trust: 0.6
db:VULMONid:CVE-2017-2699
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-01861 // 
            
            
            
            VULMON: CVE-2017-2699 // 
            
            
            
            BID: 96424 // 
            
            
            
            JVNDB: JVNDB-2017-010791 // 
            
            
            
            CNNVD: CNNVD-201702-845 // 
            
            
            
            NVD: CVE-2017-2699

REFERENCES
url:http://www.securityfocus.com/bid/96424
Trust: 1.8
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170222-01-theme-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2699
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2699
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170222-01-theme-cn
Trust: 0.6
url:http://www.huawei.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/434.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-01861 // 
            
            
            
            VULMON: CVE-2017-2699 // 
            
            
            
            BID: 96424 // 
            
            
            
            JVNDB: JVNDB-2017-010791 // 
            
            
            
            CNNVD: CNNVD-201702-845 // 
            
            
            
            NVD: CVE-2017-2699

CREDITS
Nicky(Wu Huiyu) of Tencent Security Platform Department
Trust: 0.3
sources:
            
            
            BID: 96424

SOURCES
db:CNVDid:CNVD-2017-01861
db:VULMONid:CVE-2017-2699
db:BIDid:96424
db:JVNDBid:JVNDB-2017-010791
db:CNNVDid:CNNVD-201702-845
db:NVDid:CVE-2017-2699

LAST UPDATE DATE
2024-11-23T22:34:27.697000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-01861date:2017-02-23T00:00:00
db:VULMONid:CVE-2017-2699date:2019-10-03T00:00:00
db:BIDid:96424date:2017-03-07T03:09:00
db:JVNDBid:JVNDB-2017-010791date:2017-12-25T00:00:00
db:CNNVDid:CNNVD-201702-845date:2019-10-23T00:00:00
db:NVDid:CVE-2017-2699date:2024-11-21T03:24:00.477

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-01861date:2017-02-23T00:00:00
db:VULMONid:CVE-2017-2699date:2017-11-22T00:00:00
db:BIDid:96424date:2017-02-24T00:00:00
db:JVNDBid:JVNDB-2017-010791date:2017-12-25T00:00:00
db:CNNVDid:CNNVD-201702-845date:2017-02-24T00:00:00
db:NVDid:CVE-2017-2699date:2017-11-22T19:29:00.567