Sign-up

ID

VAR-201711-0259


CVE

CVE-2017-2693


TITLE

plural Huawei Path traversal vulnerability in smartphone software

Trust: 0.8

sources: JVNDB: JVNDB-2017-010502

DESCRIPTION

ALE-L02C635B140 and earlier versions,ALE-L02C636B140 and earlier versions,ALE-L21C10B150 and earlier versions,ALE-L21C185B200 and earlier versions,ALE-L21C432B214 and earlier versions,ALE-L21C464B150 and earlier versions,ALE-L21C636B200 and earlier versions,ALE-L23C605B190 and earlier versions,ALE-TL00C01B250 and earlier versions,ALE-UL00C00B250 and earlier versions,MT7-L09C605B325 and earlier versions,MT7-L09C900B339 and earlier versions,MT7-TL10C900B339 and earlier versions,CRR-CL00C92B172 and earlier versions,CRR-L09C432B180 and earlier versions,CRR-TL00C01B172 and earlier versions,CRR-UL00C00B172 and earlier versions,CRR-UL20C432B171 and earlier versions,GRA-CL00C92B230 and earlier versions,GRA-L09C432B222 and earlier versions,GRA-TL00C01B230SP01 and earlier versions,GRA-UL00C00B230 and earlier versions,GRA-UL00C10B201 and earlier versions,GRA-UL00C432B220 and earlier versions,H60-L04C10B523 and earlier versions,H60-L04C185B523 and earlier versions,H60-L04C636B527 and earlier versions,H60-L04C900B530 and earlier versions,PLK-AL10C00B220 and earlier versions,PLK-AL10C92B220 and earlier versions,PLK-CL00C92B220 and earlier versions,PLK-L01C10B140 and earlier versions,PLK-L01C185B130 and earlier versions,PLK-L01C432B187 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C636B130 and earlier versions,PLK-TL00C01B220 and earlier versions,PLK-TL01HC01B220 and earlier versions,PLK-UL00C17B220 and earlier versions,ATH-AL00C00B210 and earlier versions,ATH-AL00C92B200 and earlier versions,ATH-CL00C92B210 and earlier versions,ATH-TL00C01B210 and earlier versions,ATH-TL00HC01B210 and earlier versions,ATH-UL00C00B210 and earlier versions,RIO-AL00C00B220 and earlier versions,RIO-CL00C92B220 and earlier versions,RIO-TL00C01B220 and earlier versions,RIO-UL00C00B220 and earlier versions have a path traversal vulnerability. An attacker may exploit it to decompress malicious files into a target path. plural Huawei There is a path traversal vulnerability in smartphone software.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Huawei EMUI is prone to a directory-traversal vulnerability and a command-injection vulnerability because it fails to sufficiently sanitize user-supplied input. Huawei Maimang 4, etc. are all smartphone products of China's Huawei (Huawei). EMUI is a smart terminal human-computer interaction system based on the Android platform used in it. EMUI 3 in various Huawei products. There is a path traversal vulnerability in version 1, which is caused by the fact that the program does not fully verify the path when decompressing a specific type of file

Trust: 1.98

sources: NVD: CVE-2017-2693 // JVNDB: JVNDB-2017-010502 // BID: 95919 // VULHUB: VHN-110896

AFFECTED PRODUCTS

vendor:huaweimodel:mate 7scope:lteversion:mt7-l09c605b325

Trust: 1.0

vendor:huaweimodel:honor 6scope:lteversion:h60-l04c185b523

Trust: 1.0

vendor:huaweimodel:g8scope:lteversion:rio-cl00c92b220

Trust: 1.0

vendor:huaweimodel:honor 7scope:lteversion:plk-l01c10b140

Trust: 1.0

vendor:huaweimodel:p8 litescope:lteversion:ale-l21c10b150

Trust: 1.0

vendor:huaweimodel:p8 litescope:lteversion:ale-l21c464b150

Trust: 1.0

vendor:huaweimodel:g8scope:lteversion:rio-ul00c00b220

Trust: 1.0

vendor:huaweimodel:p8scope:lteversion:gra-ul00c10b201

Trust: 1.0

vendor:huaweimodel:p8 litescope:lteversion:ale-l02c636b140

Trust: 1.0

vendor:huaweimodel:shotxscope:lteversion:ath-ul00c00b210

Trust: 1.0

vendor:huaweimodel:p8 litescope:lteversion:ale-l02c635b140

Trust: 1.0

vendor:huaweimodel:honor 7scope:lteversion:plk-l01c636b130

Trust: 1.0

vendor:huaweimodel:mate sscope:lteversion:crr-l09c432b180

Trust: 1.0

vendor:huaweimodel:g8scope:lteversion:rio-tl00c01b220

Trust: 1.0

vendor:huaweimodel:honor 7scope:lteversion:plk-al10c00b220

Trust: 1.0

vendor:huaweimodel:p8 litescope:lteversion:ale-l21c636b200

Trust: 1.0

vendor:huaweimodel:honor 7scope:lteversion:plk-cl00c92b220

Trust: 1.0

vendor:huaweimodel:mate sscope:lteversion:crr-ul20c432b171

Trust: 1.0

vendor:huaweimodel:mate 7scope:lteversion:mt7-tl10c900b339

Trust: 1.0

vendor:huaweimodel:mate sscope:lteversion:crr-ul00c00b172

Trust: 1.0

vendor:huaweimodel:p8 litescope:lteversion:ale-l21c185b200

Trust: 1.0

vendor:huaweimodel:honor 7scope:lteversion:plk-al10c92b220

Trust: 1.0

vendor:huaweimodel:shotxscope:lteversion:ath-cl00c92b210

Trust: 1.0

vendor:huaweimodel:honor 7scope:lteversion:plk-tl01hc01b220

Trust: 1.0

vendor:huaweimodel:p8 litescope:lteversion:ale-l23c605b190

Trust: 1.0

vendor:huaweimodel:honor 7scope:lteversion:plk-tl00c01b220

Trust: 1.0

vendor:huaweimodel:honor 6scope:lteversion:h60-l04c636b527

Trust: 1.0

vendor:huaweimodel:shotxscope:lteversion:rio-al00c00b220

Trust: 1.0

vendor:huaweimodel:p8 litescope:lteversion:ale-tl00c01b250

Trust: 1.0

vendor:huaweimodel:honor 6scope:lteversion:h60-l04c10b523

Trust: 1.0

vendor:huaweimodel:honor 6scope:lteversion:h60-l04c900b530

Trust: 1.0

vendor:huaweimodel:p8scope:lteversion:gra-ul00c00b230

Trust: 1.0

vendor:huaweimodel:mate 7scope:lteversion:mt7-l09c900b339

Trust: 1.0

vendor:huaweimodel:p8scope:lteversion:gra-ul00c432b220

Trust: 1.0

vendor:huaweimodel:honor 7scope:lteversion:plk-l01c432b190

Trust: 1.0

vendor:huaweimodel:honor 7scope:lteversion:plk-ul00c17b220

Trust: 1.0

vendor:huaweimodel:p8scope:lteversion:gra-cl00c92b230

Trust: 1.0

vendor:huaweimodel:p8 litescope:lteversion:ale-l21c432b214

Trust: 1.0

vendor:huaweimodel:g8scope:lteversion:rio-al00c00b220

Trust: 1.0

vendor:huaweimodel:honor 7scope:lteversion:plk-l01c432b187

Trust: 1.0

vendor:huaweimodel:mate sscope:lteversion:crr-cl00c92b172

Trust: 1.0

vendor:huaweimodel:p8scope:lteversion:gra-l09c432b222

Trust: 1.0

vendor:huaweimodel:shotxscope:lteversion:ath-al00c00b210

Trust: 1.0

vendor:huaweimodel:p8scope:lteversion:gra-tl00c01b230sp01

Trust: 1.0

vendor:huaweimodel:shotxscope:lteversion:ath-tl00c01b210

Trust: 1.0

vendor:huaweimodel:p8 litescope:lteversion:ale-ul00c00b250.

Trust: 1.0

vendor:huaweimodel:shotxscope:lteversion:ath-tl00hc01b210

Trust: 1.0

vendor:huaweimodel:mate sscope:lteversion:crr-tl00c01b172

Trust: 1.0

vendor:huaweimodel:shotxscope:lteversion:ath-al00c92b200

Trust: 1.0

vendor:huaweimodel:g8scope: - version: -

Trust: 0.8

vendor:huaweimodel:honor 6scope: - version: -

Trust: 0.8

vendor:huaweimodel:honor 7scope: - version: -

Trust: 0.8

vendor:huaweimodel:mate 7scope: - version: -

Trust: 0.8

vendor:huaweimodel:mate sscope: - version: -

Trust: 0.8

vendor:huaweimodel:p8 litescope: - version: -

Trust: 0.8

vendor:huaweimodel:p8scope: - version: -

Trust: 0.8

vendor:huaweimodel:shotxscope: - version: -

Trust: 0.8

vendor:huaweimodel:shotxscope:eqversion:ath-tl00hc01b210

Trust: 0.6

vendor:huaweimodel:shotxscope:eqversion:rio-al00c00b220

Trust: 0.6

vendor:huaweimodel:shotxscope:eqversion:ath-al00c00b210

Trust: 0.6

vendor:huaweimodel:shotxscope:eqversion:ath-tl00c01b210

Trust: 0.6

vendor:huaweimodel:g8scope:eqversion:rio-tl00c01b220

Trust: 0.6

vendor:huaweimodel:g8scope:eqversion:rio-cl00c92b220

Trust: 0.6

vendor:huaweimodel:shotxscope:eqversion:ath-cl00c92b210

Trust: 0.6

vendor:huaweimodel:g8scope:eqversion:rio-ul00c00b220

Trust: 0.6

vendor:huaweimodel:shotxscope:eqversion:ath-ul00c00b210

Trust: 0.6

vendor:huaweimodel:g8scope:eqversion:rio-al00c00b220

Trust: 0.6

vendor:huaweimodel:shotx ath-ul00c00b210scope: - version: -

Trust: 0.3

vendor:huaweimodel:shotx ath-tl00hc01b210scope: - version: -

Trust: 0.3

vendor:huaweimodel:shotx ath-tl00c01b210scope: - version: -

Trust: 0.3

vendor:huaweimodel:shotx ath-cl00c92b210scope: - version: -

Trust: 0.3

vendor:huaweimodel:shotx ath-al00c92b200scope: - version: -

Trust: 0.3

vendor:huaweimodel:shotx ath-al00c00b210scope: - version: -

Trust: 0.3

vendor:huaweimodel:p8 lite ale-ul00c00b250scope: - version: -

Trust: 0.3

vendor:huaweimodel:p8 lite ale-tl00c01b250scope: - version: -

Trust: 0.3

vendor:huaweimodel:p8 lite ale-l23c605b190scope: - version: -

Trust: 0.3

vendor:huaweimodel:p8 lite ale-l21c636b200scope: - version: -

Trust: 0.3

vendor:huaweimodel:p8 lite ale-l21c464b150scope: - version: -

Trust: 0.3

vendor:huaweimodel:p8 lite ale-l21c432b214scope: - version: -

Trust: 0.3

vendor:huaweimodel:p8 lite ale-l21c185b200scope: - version: -

Trust: 0.3

vendor:huaweimodel:p8 gra-ul00c00b230scope: - version: -

Trust: 0.3

vendor:huaweimodel:p8 gra-tl00c01b230sp01scope: - version: -

Trust: 0.3

vendor:huaweimodel:p8 gra-cl00c92b230scope: - version: -

Trust: 0.3

vendor:huaweimodel:mate s crr-ul00c00b172scope: - version: -

Trust: 0.3

vendor:huaweimodel:mate s crr-tl00c01b172scope: - version: -

Trust: 0.3

vendor:huaweimodel:mate s crr-cl00c92b172scope: - version: -

Trust: 0.3

vendor:huaweimodel:honor plk-ul00c17b220scope:eqversion:7

Trust: 0.3

vendor:huaweimodel:honor plk-tl01hc01b220scope:eqversion:7

Trust: 0.3

vendor:huaweimodel:honor plk-tl00c01b220scope:eqversion:7

Trust: 0.3

vendor:huaweimodel:honor plk-l01c636b130scope:eqversion:7

Trust: 0.3

vendor:huaweimodel:honor plk-l01c432b190scope:eqversion:7

Trust: 0.3

vendor:huaweimodel:honor plk-l01c432b187scope:eqversion:7

Trust: 0.3

vendor:huaweimodel:honor plk-l01c185b130scope:eqversion:7

Trust: 0.3

vendor:huaweimodel:honor plk-l01c10b140scope:eqversion:7

Trust: 0.3

vendor:huaweimodel:honor plk-al10c92b220scope:eqversion:7

Trust: 0.3

vendor:huaweimodel:honor plk-al10c00b220scope:eqversion:7

Trust: 0.3

vendor:huaweimodel:g8 rio-ul00c00b220scope: - version: -

Trust: 0.3

vendor:huaweimodel:g8 rio-tl00c01b220scope: - version: -

Trust: 0.3

vendor:huaweimodel:g8 rio-cl00c92b220scope: - version: -

Trust: 0.3

vendor:huaweimodel:g8 rio-al00c00b220scope: - version: -

Trust: 0.3

vendor:huaweimodel:emuiscope:eqversion:3.1

Trust: 0.3

vendor:huaweimodel:shotx ath-ul00c00b390scope:neversion: -

Trust: 0.3

vendor:huaweimodel:shotx ath-tl00hc01b390scope:neversion: -

Trust: 0.3

vendor:huaweimodel:shotx ath-tl00c01b390scope:neversion: -

Trust: 0.3

vendor:huaweimodel:shotx ath-cl00c92b380scope:neversion: -

Trust: 0.3

vendor:huaweimodel:shotx ath-al00c92b390scope:neversion: -

Trust: 0.3

vendor:huaweimodel:shotx ath-al00c00b390scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 lite ale-ul00c00b571scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 lite ale-tl00c01b575scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 lite ale-l23c605b527scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 lite ale-l21c636b563scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 lite ale-l21c464b581scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 lite ale-l21c432b585scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 lite ale-l21c185b562scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 gra-ul00c00b366scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 gra-tl00c01b366scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 gra-cl00c92b366scope:neversion: -

Trust: 0.3

vendor:huaweimodel:mate s crr-ul00c00b368scope:neversion: -

Trust: 0.3

vendor:huaweimodel:mate s crr-tl00c01b368scope:neversion: -

Trust: 0.3

vendor:huaweimodel:mate s crr-cl00c92b368scope:neversion: -

Trust: 0.3

vendor:huaweimodel:honor plk-ul00c17b382scope:neversion:7

Trust: 0.3

vendor:huaweimodel:honor plk-tl01hc01b382scope:neversion:7

Trust: 0.3

vendor:huaweimodel:honor plk-tl00c01b382scope:neversion:7

Trust: 0.3

vendor:huaweimodel:honor plk-l01c636b350scope:neversion:7

Trust: 0.3

vendor:huaweimodel:honor plk-l01c432b380scope:neversion:7

Trust: 0.3

vendor:huaweimodel:honor plk-l01c185b380scope:neversion:7

Trust: 0.3

vendor:huaweimodel:honor plk-l01c10b331scope:neversion:7

Trust: 0.3

vendor:huaweimodel:honor plk-cl00c92b382scope:neversion:7

Trust: 0.3

vendor:huaweimodel:honor plk-al10c92b382scope:neversion:7

Trust: 0.3

vendor:huaweimodel:honor plk-al10c00b382scope:neversion:7

Trust: 0.3

vendor:huaweimodel:g8 rio-ul00c00b390scope:neversion: -

Trust: 0.3

vendor:huaweimodel:g8 rio-tl00c01b390scope:neversion: -

Trust: 0.3

vendor:huaweimodel:g8 rio-cl00c92b390scope:neversion: -

Trust: 0.3

vendor:huaweimodel:g8 rio-al00c00b390scope:neversion: -

Trust: 0.3

sources: BID: 95919 // JVNDB: JVNDB-2017-010502 // CNNVD: CNNVD-201702-249 // NVD: CVE-2017-2693

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2693
value: HIGH

Trust: 1.0

NVD: CVE-2017-2693
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201702-249
value: MEDIUM

Trust: 0.6

VULHUB: VHN-110896
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-2693
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-110896
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2693
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-110896 // JVNDB: JVNDB-2017-010502 // CNNVD: CNNVD-201702-249 // NVD: CVE-2017-2693

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-110896 // JVNDB: JVNDB-2017-010502 // NVD: CVE-2017-2693

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-249

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201702-249

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010502

PATCH
title:huawei-sa-20170125-01-emuiurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-emui-en
Trust: 0.8
title:Huawei EMUI Repair measures for path traversal vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67640
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-010502 // 
            
            
            
            CNNVD: CNNVD-201702-249

EXTERNAL IDS
db:NVDid:CVE-2017-2693
Trust: 2.8
db:BIDid:95919
Trust: 2.0
db:JVNDBid:JVNDB-2017-010502
Trust: 0.8
db:CNNVDid:CNNVD-201702-249
Trust: 0.7
db:VULHUBid:VHN-110896
Trust: 0.1
sources:
            
            
            VULHUB: VHN-110896 // 
            
            
            
            BID: 95919 // 
            
            
            
            JVNDB: JVNDB-2017-010502 // 
            
            
            
            CNNVD: CNNVD-201702-249 // 
            
            
            
            NVD: CVE-2017-2693

REFERENCES
url:http://www.securityfocus.com/bid/95919
Trust: 1.7
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-emui-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2693
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2693
Trust: 0.8
url:http://www.huawei.com/en/
Trust: 0.3
url:http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170125-01-emui-en
Trust: 0.3
sources:
            
            
            VULHUB: VHN-110896 // 
            
            
            
            BID: 95919 // 
            
            
            
            JVNDB: JVNDB-2017-010502 // 
            
            
            
            CNNVD: CNNVD-201702-249 // 
            
            
            
            NVD: CVE-2017-2693

CREDITS
Flanker from the Keen Security Lab of Tencent.
Trust: 0.9
sources:
            
            
            BID: 95919 // 
            
            
            
            CNNVD: CNNVD-201702-249

SOURCES
db:VULHUBid:VHN-110896
db:BIDid:95919
db:JVNDBid:JVNDB-2017-010502
db:CNNVDid:CNNVD-201702-249
db:NVDid:CVE-2017-2693

LAST UPDATE DATE
2024-08-14T14:27:01.631000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-110896date:2017-12-07T00:00:00
db:BIDid:95919date:2017-02-02T00:09:00
db:JVNDBid:JVNDB-2017-010502date:2017-12-15T00:00:00
db:CNNVDid:CNNVD-201702-249date:2017-12-26T00:00:00
db:NVDid:CVE-2017-2693date:2017-12-07T18:58:08.093

SOURCES RELEASE DATE
db:VULHUBid:VHN-110896date:2017-11-22T00:00:00
db:BIDid:95919date:2017-01-25T00:00:00
db:JVNDBid:JVNDB-2017-010502date:2017-12-15T00:00:00
db:CNNVDid:CNNVD-201702-249date:2017-01-25T00:00:00
db:NVDid:CVE-2017-2693date:2017-11-22T19:29:00.367