CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
26.7%
Huawei EMUI3.1 has two vulnerabilities.
The Keyguard application in Huawei EMUI3.1 has a privilege elevation vulnerability due to insufficient validation on specific parameters. An attacker may trick a user into installing a malicious application. Successful exploit could allow the attacker to launch command injection to gain elevated privileges. (Vulnerability ID: HWPSIRT-2017-01086)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-2692.
Huawei EMUI3.1 has a path traversal vulnerability due to insufficient path check during the decompression of files of specific types. An attacker may trick a user into downloading and installing malicious software. Successful exploit could allow the attacker to decompress malicious files into a target path. (Vulnerability ID: HWPSIRT-2017-01097)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-2693.
Huawei has released software updates to fix these two vulnerabilities. This advisory is available at the following link: <http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170125-01-emui-cn>
Vendor | Product | Version | CPE |
---|---|---|---|
huawei | p8_lite_firmware | * | cpe:2.3:o:huawei:p8_lite_firmware:*:*:*:*:*:*:*:* |
huawei | mate_7_firmware | * | cpe:2.3:o:huawei:mate_7_firmware:*:*:*:*:*:*:*:* |
huawei | mate_s_firmware | * | cpe:2.3:a:huawei:mate_s_firmware:*:*:*:*:*:*:*:* |
huawei | p8_firmware | * | cpe:2.3:o:huawei:p8_firmware:*:*:*:*:*:*:*:* |
huawei | honor_6_firmware | * | cpe:2.3:o:huawei:honor_6_firmware:*:*:*:*:*:*:*:* |
huawei | honor_7_firmware | * | cpe:2.3:o:huawei:honor_7_firmware:*:*:*:*:*:*:*:* |
huawei | shotx_firmware | * | cpe:2.3:o:huawei:shotx_firmware:*:*:*:*:*:*:*:* |
huawei | g8_firmware | * | cpe:2.3:o:huawei:g8_firmware:*:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
26.7%