ID

VAR-201711-0258


CVE

CVE-2017-2692


TITLE

plural Huawei Command injection vulnerability in smartphone software

Trust: 0.8

sources: JVNDB: JVNDB-2017-010501

DESCRIPTION

The Keyguard application in ALE-L02C635B140 and earlier versions,ALE-L02C636B140 and earlier versions,ALE-L21C10B150 and earlier versions,ALE-L21C185B200 and earlier versions,ALE-L21C432B214 and earlier versions,ALE-L21C464B150 and earlier versions,ALE-L21C636B200 and earlier versions,ALE-L23C605B190 and earlier versions,ALE-TL00C01B250 and earlier versions,ALE-UL00C00B250 and earlier versions,MT7-L09C605B325 and earlier versions,MT7-L09C900B339 and earlier versions,MT7-TL10C900B339 and earlier versions,CRR-CL00C92B172 and earlier versions,CRR-L09C432B180 and earlier versions,CRR-TL00C01B172 and earlier versions,CRR-UL00C00B172 and earlier versions,CRR-UL20C432B171 and earlier versions,GRA-CL00C92B230 and earlier versions,GRA-L09C432B222 and earlier versions,GRA-TL00C01B230SP01 and earlier versions,GRA-UL00C00B230 and earlier versions,GRA-UL00C10B201 and earlier versions,GRA-UL00C432B220 and earlier versions,H60-L04C10B523 and earlier versions,H60-L04C185B523 and earlier versions,H60-L04C636B527 and earlier versions,H60-L04C900B530 and earlier versions,PLK-AL10C00B220 and earlier versions,PLK-AL10C92B220 and earlier versions,PLK-CL00C92B220 and earlier versions,PLK-L01C10B140 and earlier versions,PLK-L01C185B130 and earlier versions,PLK-L01C432B187 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C636B130 and earlier versions,PLK-TL00C01B220 and earlier versions,PLK-TL01HC01B220 and earlier versions,PLK-UL00C17B220 and earlier versions,ATH-AL00C00B210 and earlier versions,ATH-AL00C92B200 and earlier versions,ATH-CL00C92B210 and earlier versions,ATH-TL00C01B210 and earlier versions,ATH-TL00HC01B210 and earlier versions,ATH-UL00C00B210 and earlier versions,RIO-AL00C00B220 and earlier versions,RIO-CL00C92B220 and earlier versions,RIO-TL00C01B220 and earlier versions,RIO-UL00C00B220 and earlier versions have a privilege elevation vulnerability. An attacker may exploit it to launch command injection in order to gain elevated privileges. plural Huawei Smartphone software contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei EMUI is prone to a directory-traversal vulnerability and a command-injection vulnerability because it fails to sufficiently sanitize user-supplied input. Attackers can use a specially crafted request with directory-traversal sequences ('../') to decompress malicious files into the target path, or execute arbitrary commands and gain elevated privileges. Huawei Maimang 4, etc. are all smartphone products of China's Huawei (Huawei). EMUI is a smart terminal human-computer interaction system based on the Android platform used in it. keyguard is one of the lock screen applications. EMUI 3 in various Huawei products. The privilege escalation vulnerability exists in the keyguard application of version 1. The vulnerability stems from insufficient checking of specific parameters in the keyguard application

Trust: 1.98

sources: NVD: CVE-2017-2692 // JVNDB: JVNDB-2017-010501 // BID: 95919 // VULHUB: VHN-110895

AFFECTED PRODUCTS

vendor:huaweimodel:mate 7scope:lteversion:mt7-l09c605b325

Trust: 1.0

vendor:huaweimodel:honor 6scope:lteversion:h60-l04c185b523

Trust: 1.0

vendor:huaweimodel:g8scope:lteversion:rio-cl00c92b220

Trust: 1.0

vendor:huaweimodel:honor 7scope:lteversion:plk-l01c10b140

Trust: 1.0

vendor:huaweimodel:p8 litescope:lteversion:ale-l21c10b150

Trust: 1.0

vendor:huaweimodel:p8 litescope:lteversion:ale-l21c464b150

Trust: 1.0

vendor:huaweimodel:g8scope:lteversion:rio-ul00c00b220

Trust: 1.0

vendor:huaweimodel:p8scope:lteversion:gra-ul00c10b201

Trust: 1.0

vendor:huaweimodel:p8 litescope:lteversion:ale-l02c636b140

Trust: 1.0

vendor:huaweimodel:shotxscope:lteversion:ath-ul00c00b210

Trust: 1.0

vendor:huaweimodel:p8 litescope:lteversion:ale-l02c635b140

Trust: 1.0

vendor:huaweimodel:honor 7scope:lteversion:plk-l01c636b130

Trust: 1.0

vendor:huaweimodel:mate sscope:lteversion:crr-l09c432b180

Trust: 1.0

vendor:huaweimodel:g8scope:lteversion:rio-tl00c01b220

Trust: 1.0

vendor:huaweimodel:honor 7scope:lteversion:plk-al10c00b220

Trust: 1.0

vendor:huaweimodel:p8 litescope:lteversion:ale-l21c636b200

Trust: 1.0

vendor:huaweimodel:honor 7scope:lteversion:plk-cl00c92b220

Trust: 1.0

vendor:huaweimodel:mate sscope:lteversion:crr-ul20c432b171

Trust: 1.0

vendor:huaweimodel:mate 7scope:lteversion:mt7-tl10c900b339

Trust: 1.0

vendor:huaweimodel:mate sscope:lteversion:crr-ul00c00b172

Trust: 1.0

vendor:huaweimodel:p8 litescope:lteversion:ale-l21c185b200

Trust: 1.0

vendor:huaweimodel:honor 7scope:lteversion:plk-al10c92b220

Trust: 1.0

vendor:huaweimodel:shotxscope:lteversion:ath-cl00c92b210

Trust: 1.0

vendor:huaweimodel:honor 7scope:lteversion:plk-tl01hc01b220

Trust: 1.0

vendor:huaweimodel:p8 litescope:lteversion:ale-l23c605b190

Trust: 1.0

vendor:huaweimodel:honor 7scope:lteversion:plk-tl00c01b220

Trust: 1.0

vendor:huaweimodel:honor 6scope:lteversion:h60-l04c636b527

Trust: 1.0

vendor:huaweimodel:shotxscope:lteversion:rio-al00c00b220

Trust: 1.0

vendor:huaweimodel:p8 litescope:lteversion:ale-tl00c01b250

Trust: 1.0

vendor:huaweimodel:honor 6scope:lteversion:h60-l04c10b523

Trust: 1.0

vendor:huaweimodel:honor 6scope:lteversion:h60-l04c900b530

Trust: 1.0

vendor:huaweimodel:p8scope:lteversion:gra-ul00c00b230

Trust: 1.0

vendor:huaweimodel:mate 7scope:lteversion:mt7-l09c900b339

Trust: 1.0

vendor:huaweimodel:p8scope:lteversion:gra-ul00c432b220

Trust: 1.0

vendor:huaweimodel:honor 7scope:lteversion:plk-l01c432b190

Trust: 1.0

vendor:huaweimodel:honor 7scope:lteversion:plk-ul00c17b220

Trust: 1.0

vendor:huaweimodel:p8scope:lteversion:gra-cl00c92b230

Trust: 1.0

vendor:huaweimodel:p8 litescope:lteversion:ale-l21c432b214

Trust: 1.0

vendor:huaweimodel:g8scope:lteversion:rio-al00c00b220

Trust: 1.0

vendor:huaweimodel:honor 7scope:lteversion:plk-l01c432b187

Trust: 1.0

vendor:huaweimodel:mate sscope:lteversion:crr-cl00c92b172

Trust: 1.0

vendor:huaweimodel:p8scope:lteversion:gra-l09c432b222

Trust: 1.0

vendor:huaweimodel:shotxscope:lteversion:ath-al00c00b210

Trust: 1.0

vendor:huaweimodel:p8scope:lteversion:gra-tl00c01b230sp01

Trust: 1.0

vendor:huaweimodel:shotxscope:lteversion:ath-tl00c01b210

Trust: 1.0

vendor:huaweimodel:p8 litescope:lteversion:ale-ul00c00b250.

Trust: 1.0

vendor:huaweimodel:shotxscope:lteversion:ath-tl00hc01b210

Trust: 1.0

vendor:huaweimodel:mate sscope:lteversion:crr-tl00c01b172

Trust: 1.0

vendor:huaweimodel:shotxscope:lteversion:ath-al00c92b200

Trust: 1.0

vendor:huaweimodel:g8scope: - version: -

Trust: 0.8

vendor:huaweimodel:honor 6scope: - version: -

Trust: 0.8

vendor:huaweimodel:honor 7scope: - version: -

Trust: 0.8

vendor:huaweimodel:mate 7scope: - version: -

Trust: 0.8

vendor:huaweimodel:mate sscope: - version: -

Trust: 0.8

vendor:huaweimodel:p8 litescope: - version: -

Trust: 0.8

vendor:huaweimodel:p8scope: - version: -

Trust: 0.8

vendor:huaweimodel:shotxscope: - version: -

Trust: 0.8

vendor:huaweimodel:shotxscope:eqversion:ath-tl00hc01b210

Trust: 0.6

vendor:huaweimodel:shotxscope:eqversion:rio-al00c00b220

Trust: 0.6

vendor:huaweimodel:shotxscope:eqversion:ath-al00c00b210

Trust: 0.6

vendor:huaweimodel:shotxscope:eqversion:ath-tl00c01b210

Trust: 0.6

vendor:huaweimodel:g8scope:eqversion:rio-tl00c01b220

Trust: 0.6

vendor:huaweimodel:g8scope:eqversion:rio-cl00c92b220

Trust: 0.6

vendor:huaweimodel:shotxscope:eqversion:ath-cl00c92b210

Trust: 0.6

vendor:huaweimodel:g8scope:eqversion:rio-ul00c00b220

Trust: 0.6

vendor:huaweimodel:shotxscope:eqversion:ath-ul00c00b210

Trust: 0.6

vendor:huaweimodel:g8scope:eqversion:rio-al00c00b220

Trust: 0.6

vendor:huaweimodel:shotx ath-ul00c00b210scope: - version: -

Trust: 0.3

vendor:huaweimodel:shotx ath-tl00hc01b210scope: - version: -

Trust: 0.3

vendor:huaweimodel:shotx ath-tl00c01b210scope: - version: -

Trust: 0.3

vendor:huaweimodel:shotx ath-cl00c92b210scope: - version: -

Trust: 0.3

vendor:huaweimodel:shotx ath-al00c92b200scope: - version: -

Trust: 0.3

vendor:huaweimodel:shotx ath-al00c00b210scope: - version: -

Trust: 0.3

vendor:huaweimodel:p8 lite ale-ul00c00b250scope: - version: -

Trust: 0.3

vendor:huaweimodel:p8 lite ale-tl00c01b250scope: - version: -

Trust: 0.3

vendor:huaweimodel:p8 lite ale-l23c605b190scope: - version: -

Trust: 0.3

vendor:huaweimodel:p8 lite ale-l21c636b200scope: - version: -

Trust: 0.3

vendor:huaweimodel:p8 lite ale-l21c464b150scope: - version: -

Trust: 0.3

vendor:huaweimodel:p8 lite ale-l21c432b214scope: - version: -

Trust: 0.3

vendor:huaweimodel:p8 lite ale-l21c185b200scope: - version: -

Trust: 0.3

vendor:huaweimodel:p8 gra-ul00c00b230scope: - version: -

Trust: 0.3

vendor:huaweimodel:p8 gra-tl00c01b230sp01scope: - version: -

Trust: 0.3

vendor:huaweimodel:p8 gra-cl00c92b230scope: - version: -

Trust: 0.3

vendor:huaweimodel:mate s crr-ul00c00b172scope: - version: -

Trust: 0.3

vendor:huaweimodel:mate s crr-tl00c01b172scope: - version: -

Trust: 0.3

vendor:huaweimodel:mate s crr-cl00c92b172scope: - version: -

Trust: 0.3

vendor:huaweimodel:honor plk-ul00c17b220scope:eqversion:7

Trust: 0.3

vendor:huaweimodel:honor plk-tl01hc01b220scope:eqversion:7

Trust: 0.3

vendor:huaweimodel:honor plk-tl00c01b220scope:eqversion:7

Trust: 0.3

vendor:huaweimodel:honor plk-l01c636b130scope:eqversion:7

Trust: 0.3

vendor:huaweimodel:honor plk-l01c432b190scope:eqversion:7

Trust: 0.3

vendor:huaweimodel:honor plk-l01c432b187scope:eqversion:7

Trust: 0.3

vendor:huaweimodel:honor plk-l01c185b130scope:eqversion:7

Trust: 0.3

vendor:huaweimodel:honor plk-l01c10b140scope:eqversion:7

Trust: 0.3

vendor:huaweimodel:honor plk-al10c92b220scope:eqversion:7

Trust: 0.3

vendor:huaweimodel:honor plk-al10c00b220scope:eqversion:7

Trust: 0.3

vendor:huaweimodel:g8 rio-ul00c00b220scope: - version: -

Trust: 0.3

vendor:huaweimodel:g8 rio-tl00c01b220scope: - version: -

Trust: 0.3

vendor:huaweimodel:g8 rio-cl00c92b220scope: - version: -

Trust: 0.3

vendor:huaweimodel:g8 rio-al00c00b220scope: - version: -

Trust: 0.3

vendor:huaweimodel:emuiscope:eqversion:3.1

Trust: 0.3

vendor:huaweimodel:shotx ath-ul00c00b390scope:neversion: -

Trust: 0.3

vendor:huaweimodel:shotx ath-tl00hc01b390scope:neversion: -

Trust: 0.3

vendor:huaweimodel:shotx ath-tl00c01b390scope:neversion: -

Trust: 0.3

vendor:huaweimodel:shotx ath-cl00c92b380scope:neversion: -

Trust: 0.3

vendor:huaweimodel:shotx ath-al00c92b390scope:neversion: -

Trust: 0.3

vendor:huaweimodel:shotx ath-al00c00b390scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 lite ale-ul00c00b571scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 lite ale-tl00c01b575scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 lite ale-l23c605b527scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 lite ale-l21c636b563scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 lite ale-l21c464b581scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 lite ale-l21c432b585scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 lite ale-l21c185b562scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 gra-ul00c00b366scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 gra-tl00c01b366scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 gra-cl00c92b366scope:neversion: -

Trust: 0.3

vendor:huaweimodel:mate s crr-ul00c00b368scope:neversion: -

Trust: 0.3

vendor:huaweimodel:mate s crr-tl00c01b368scope:neversion: -

Trust: 0.3

vendor:huaweimodel:mate s crr-cl00c92b368scope:neversion: -

Trust: 0.3

vendor:huaweimodel:honor plk-ul00c17b382scope:neversion:7

Trust: 0.3

vendor:huaweimodel:honor plk-tl01hc01b382scope:neversion:7

Trust: 0.3

vendor:huaweimodel:honor plk-tl00c01b382scope:neversion:7

Trust: 0.3

vendor:huaweimodel:honor plk-l01c636b350scope:neversion:7

Trust: 0.3

vendor:huaweimodel:honor plk-l01c432b380scope:neversion:7

Trust: 0.3

vendor:huaweimodel:honor plk-l01c185b380scope:neversion:7

Trust: 0.3

vendor:huaweimodel:honor plk-l01c10b331scope:neversion:7

Trust: 0.3

vendor:huaweimodel:honor plk-cl00c92b382scope:neversion:7

Trust: 0.3

vendor:huaweimodel:honor plk-al10c92b382scope:neversion:7

Trust: 0.3

vendor:huaweimodel:honor plk-al10c00b382scope:neversion:7

Trust: 0.3

vendor:huaweimodel:g8 rio-ul00c00b390scope:neversion: -

Trust: 0.3

vendor:huaweimodel:g8 rio-tl00c01b390scope:neversion: -

Trust: 0.3

vendor:huaweimodel:g8 rio-cl00c92b390scope:neversion: -

Trust: 0.3

vendor:huaweimodel:g8 rio-al00c00b390scope:neversion: -

Trust: 0.3

sources: BID: 95919 // JVNDB: JVNDB-2017-010501 // CNNVD: CNNVD-201702-248 // NVD: CVE-2017-2692

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2692
value: HIGH

Trust: 1.0

NVD: CVE-2017-2692
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201702-248
value: MEDIUM

Trust: 0.6

VULHUB: VHN-110895
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-2692
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-110895
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2692
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-110895 // JVNDB: JVNDB-2017-010501 // CNNVD: CNNVD-201702-248 // NVD: CVE-2017-2692

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.9

sources: VULHUB: VHN-110895 // JVNDB: JVNDB-2017-010501 // NVD: CVE-2017-2692

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-248

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201702-248

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010501

PATCH

title:huawei-sa-20170125-01-emuiurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-emui-en

Trust: 0.8

title:Huawei EMUI Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67639

Trust: 0.6

sources: JVNDB: JVNDB-2017-010501 // CNNVD: CNNVD-201702-248

EXTERNAL IDS

db:NVDid:CVE-2017-2692

Trust: 2.8

db:BIDid:95919

Trust: 2.0

db:JVNDBid:JVNDB-2017-010501

Trust: 0.8

db:CNNVDid:CNNVD-201702-248

Trust: 0.6

db:VULHUBid:VHN-110895

Trust: 0.1

sources: VULHUB: VHN-110895 // BID: 95919 // JVNDB: JVNDB-2017-010501 // CNNVD: CNNVD-201702-248 // NVD: CVE-2017-2692

REFERENCES

url:http://www.securityfocus.com/bid/95919

Trust: 1.7

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-emui-en

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2692

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-2692

Trust: 0.8

url:http://www.huawei.com/en/

Trust: 0.3

url:http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170125-01-emui-en

Trust: 0.3

sources: VULHUB: VHN-110895 // BID: 95919 // JVNDB: JVNDB-2017-010501 // CNNVD: CNNVD-201702-248 // NVD: CVE-2017-2692

CREDITS

Flanker from the Keen Security Lab of Tencent.

Trust: 0.9

sources: BID: 95919 // CNNVD: CNNVD-201702-248

SOURCES

db:VULHUBid:VHN-110895
db:BIDid:95919
db:JVNDBid:JVNDB-2017-010501
db:CNNVDid:CNNVD-201702-248
db:NVDid:CVE-2017-2692

LAST UPDATE DATE

2024-08-14T14:27:01.595000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-110895date:2017-12-07T00:00:00
db:BIDid:95919date:2017-02-02T00:09:00
db:JVNDBid:JVNDB-2017-010501date:2017-12-15T00:00:00
db:CNNVDid:CNNVD-201702-248date:2017-12-26T00:00:00
db:NVDid:CVE-2017-2692date:2017-12-07T18:56:07.573

SOURCES RELEASE DATE

db:VULHUBid:VHN-110895date:2017-11-22T00:00:00
db:BIDid:95919date:2017-01-25T00:00:00
db:JVNDBid:JVNDB-2017-010501date:2017-12-15T00:00:00
db:CNNVDid:CNNVD-201702-248date:2017-01-25T00:00:00
db:NVDid:CVE-2017-2692date:2017-11-22T19:29:00.333