Lucene search

[email protected]CVE-2017-2692

HistoryNov 22, 2017 - 7:29 p.m.

CVE-2017-2692

2017-11-2219:29:00

CWE-77

[email protected]

web.nvd.nist.gov

cve-2017-2692

keyguard

huawei

privilege elevation

vulnerability

command injection

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.5%

JSON

The Keyguard application in ALE-L02C635B140 and earlier versions,ALE-L02C636B140 and earlier versions,ALE-L21C10B150 and earlier versions,ALE-L21C185B200 and earlier versions,ALE-L21C432B214 and earlier versions,ALE-L21C464B150 and earlier versions,ALE-L21C636B200 and earlier versions,ALE-L23C605B190 and earlier versions,ALE-TL00C01B250 and earlier versions,ALE-UL00C00B250 and earlier versions,MT7-L09C605B325 and earlier versions,MT7-L09C900B339 and earlier versions,MT7-TL10C900B339 and earlier versions,CRR-CL00C92B172 and earlier versions,CRR-L09C432B180 and earlier versions,CRR-TL00C01B172 and earlier versions,CRR-UL00C00B172 and earlier versions,CRR-UL20C432B171 and earlier versions,GRA-CL00C92B230 and earlier versions,GRA-L09C432B222 and earlier versions,GRA-TL00C01B230SP01 and earlier versions,GRA-UL00C00B230 and earlier versions,GRA-UL00C10B201 and earlier versions,GRA-UL00C432B220 and earlier versions,H60-L04C10B523 and earlier versions,H60-L04C185B523 and earlier versions,H60-L04C636B527 and earlier versions,H60-L04C900B530 and earlier versions,PLK-AL10C00B220 and earlier versions,PLK-AL10C92B220 and earlier versions,PLK-CL00C92B220 and earlier versions,PLK-L01C10B140 and earlier versions,PLK-L01C185B130 and earlier versions,PLK-L01C432B187 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C636B130 and earlier versions,PLK-TL00C01B220 and earlier versions,PLK-TL01HC01B220 and earlier versions,PLK-UL00C17B220 and earlier versions,ATH-AL00C00B210 and earlier versions,ATH-AL00C92B200 and earlier versions,ATH-CL00C92B210 and earlier versions,ATH-TL00C01B210 and earlier versions,ATH-TL00HC01B210 and earlier versions,ATH-UL00C00B210 and earlier versions,RIO-AL00C00B220 and earlier versions,RIO-CL00C92B220 and earlier versions,RIO-TL00C01B220 and earlier versions,RIO-UL00C00B220 and earlier versions have a privilege elevation vulnerability. An attacker may exploit it to launch command injection in order to gain elevated privileges.

Affected configurations

NVD

Node

huaweip8_lite_firmwareRange≤ale-l02c635b140

AND

huaweip8_liteMatch-

Node

huaweip8_lite_firmwareRange≤ale-l02c636b140

AND

huaweip8_liteMatch-

Node

huaweip8_lite_firmwareRange≤ale-l21c10b150

AND

huaweip8_liteMatch-

Node

huaweip8_lite_firmwareRange≤ale-l21c185b200

AND

huaweip8_liteMatch-

Node

huaweip8_lite_firmwareRange≤ale-l21c432b214

AND

huaweip8_liteMatch-

Node

huaweip8_lite_firmwareRange≤ale-l21c464b150

AND

huaweip8_liteMatch-

Node

huaweip8_lite_firmwareRange≤ale-l21c636b200

AND

huaweip8_liteMatch-

Node

huaweip8_lite_firmwareRange≤ale-l23c605b190

AND

huaweip8_liteMatch-

Node

huaweip8_lite_firmwareRange≤ale-tl00c01b250

AND

huaweip8_liteMatch-

Node

huaweip8_lite_firmwareRange≤ale-ul00c00b250.

AND

huaweip8_liteMatch-

Node

huaweimate_7_firmwareRange≤mt7-l09c605b325

AND

huaweimate_7Match-

Node

huaweimate_7_firmwareRange≤mt7-l09c900b339

AND

huaweimate_7Match-

Node

huaweimate_7_firmwareRange≤mt7-tl10c900b339

AND

huaweimate_7Match-

Node

huaweimate_s_firmwareRange≤crr-cl00c92b172

AND

huaweimate_sMatch-

Node

huaweimate_s_firmwareRange≤crr-l09c432b180

AND

huaweimate_sMatch-

Node

huaweimate_s_firmwareRange≤crr-tl00c01b172

AND

huaweimate_sMatch-

Node

huaweimate_s_firmwareRange≤crr-ul00c00b172

AND

huaweimate_sMatch-

Node

huaweimate_s_firmwareRange≤crr-ul20c432b171

AND

huaweimate_sMatch-

Node

huaweip8_firmwareRange≤gra-cl00c92b230

AND

huaweip8Match-

Node

huaweip8_firmwareRange≤gra-l09c432b222

AND

huaweip8Match-

Node

huaweip8_firmwareRange≤gra-tl00c01b230sp01

AND

huaweip8Match-

Node

huaweip8_firmwareRange≤gra-ul00c00b230

AND

huaweip8Match-

Node

huaweip8_firmwareRange≤gra-ul00c10b201

AND

huaweip8Match-

Node

huaweip8_firmwareRange≤gra-ul00c432b220

AND

huaweip8Match-

Node

huaweihonor_6_firmwareRange≤h60-l04c10b523

AND

huaweihonor_6Match-

Node

huaweihonor_6_firmwareRange≤h60-l04c185b523

AND

huaweihonor_6Match-

Node

huaweihonor_6_firmwareRange≤h60-l04c636b527

AND

huaweihonor_6Match-

Node

huaweihonor_6_firmwareRange≤h60-l04c900b530

AND

huaweihonor_6Match-

Node

huaweihonor_7_firmwareRange≤plk-al10c00b220

AND

huaweihonor_7Match-

Node

huaweihonor_7_firmwareRange≤plk-al10c92b220

AND

huaweihonor_7Match-

Node

huaweihonor_7_firmwareRange≤plk-cl00c92b220

AND

huaweihonor_7Match-

Node

huaweihonor_7_firmwareRange≤plk-l01c10b140

AND

huaweihonor_7Match-

Node

huaweihonor_7_firmwareRange≤plk-l01c10b140

AND

huaweihonor_7Match-

Node

huaweihonor_7_firmwareRange≤plk-l01c432b187

AND

huaweihonor_7Match-

Node

huaweihonor_7_firmwareRange≤plk-l01c432b190

AND

huaweihonor_7Match-

Node

huaweihonor_7_firmwareRange≤plk-l01c636b130

AND

huaweihonor_7Match-

Node

huaweihonor_7_firmwareRange≤plk-tl00c01b220

AND

huaweihonor_7Match-

Node

huaweihonor_7_firmwareRange≤plk-tl01hc01b220

AND

huaweihonor_7Match-

Node

huaweihonor_7_firmwareRange≤plk-ul00c17b220

AND

huaweihonor_7Match-

Node

huaweishotx_firmwareRange≤ath-al00c92b200

AND

huaweishotxMatch-

Node

huaweishotx_firmwareRange≤ath-cl00c92b210

AND

huaweishotxMatch-

Node

huaweishotx_firmwareRange≤ath-tl00c01b210

AND

huaweishotxMatch-

Node

huaweishotx_firmwareRange≤ath-tl00hc01b210

AND

huaweishotxMatch-

Node

huaweishotx_firmwareRange≤ath-ul00c00b210

AND

huaweishotxMatch-

Node

huaweishotx_firmwareRange≤rio-al00c00b220

AND

huaweishotxMatch-

Node

huaweishotx_firmwareRange≤ath-al00c00b210

AND

huaweishotxMatch-

Node

huaweig8_firmwareRange≤rio-al00c00b220

AND

huaweig8Match-

Node

huaweig8_firmwareRange≤rio-cl00c92b220

AND

huaweig8Match-

Node

huaweig8_firmwareRange≤rio-tl00c01b220

AND

huaweig8Match-

Node

huaweig8_firmwareRange≤rio-ul00c00b220

AND

huaweig8Match-

CPENameOperatorVersion
huawei:p8_lite_firmwarehuawei p8 lite firmwareleale-l02c635b140

CPE	Name	Operator	Version
huawei:p8_lite_firmware	huawei p8 lite firmware	le	ale-l02c635b140

CNA Affected

[
  {
    "product": "P8 Lite,Mate 7,Mate S,P8,honor 6,honor 7,SHOTX,G8,",
    "vendor": "Huawei Technologies Co., Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "ALE-L02C635B140 and earlier versions,ALE-L02C636B140 and earlier versions,ALE-L21C10B150 and earlier versions,ALE-L21C185B200 and earlier versions,ALE-L21C432B214 and earlier versions,ALE-L21C464B150 and earlier versions,ALE-L21C636B200 and earlier versions,ALE-L23C605B190 and earlier versions,ALE-TL00C01B250 and earlier versions,ALE-UL00C00B250 and earlier versions,MT7-L09C605B325 and earlier versions,MT7-L09C900B339 and earlier versions,MT7-TL10C900B339 and earlier versions,CRR-CL00C92B172 and earlier versions,CRR-L09C432B180 and earlier versions,CRR-TL00C01B172 and earlier versions,CRR-UL00C00B172 and earlier versions,CRR-UL20C432B171 and earlier versions,GRA-CL00C92B230 and earlier versions,GRA-L09C432B222 and earlier versions,GRA-TL00C01B230SP01 and earlier versions,GRA-UL00C00B230 and earlier versions,GRA-UL00C10B201 and earlier versions,GRA-UL00C432B220 and earlier versions,H60-L04C10B523 and earlier versions,H60-L04C185B523 and earlier versions,H60-L04C636B527 and earlier versions,H60- ...[truncated*]"
      }
    ]
  }
]

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-emui-en

www.securityfocus.com/bid/95919

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.5%

JSON

Related for CVE-2017-2692

prion1 nvd1 cvelist1 huawei1