Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-2692

The Keyguard application in ALE-L02C635B140 and earlier versions,ALE-L02C636B140 and earlier versions,ALE-L21C10B150 and earlier versions,ALE-L21C185B200 and earlier versions,ALE-L21C432B214 and earlier versions,ALE-L21C464B150 and earlier versions,ALE-L21C636B200 and earlier versions,ALE-L23C605B190 and earlier versions,ALE-TL00C01B250 and earlier versions,ALE-UL00C00B250 and earlier versions,MT7-L09C605B325 and earlier versions,MT7-L09C900B339 and earlier versions,MT7-TL10C900B339 and earlier versions,CRR-CL00C92B172 and earlier versions,CRR-L09C432B180 and earlier versions,CRR-TL00C01B172 and earlier versions,CRR-UL00C00B172 and earlier versions,CRR-UL20C432B171 and earlier versions,GRA-CL00C92B230 and earlier versions,GRA-L09C432B222 and earlier versions,GRA-TL00C01B230SP01 and earlier versions,GRA-UL00C00B230 and earlier versions,GRA-UL00C10B201 and earlier versions,GRA-UL00C432B220 and earlier versions,H60-L04C10B523 and earlier versions,H60-L04C185B523 and earlier versions,H60-L04C636B527 and earlier versions,H60-L04C900B530 and earlier versions,PLK-AL10C00B220 and earlier versions,PLK-AL10C92B220 and earlier versions,PLK-CL00C92B220 and earlier versions,PLK-L01C10B140 and earlier versions,PLK-L01C185B130 and earlier versions,PLK-L01C432B187 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C636B130 and earlier versions,PLK-TL00C01B220 and earlier versions,PLK-TL01HC01B220 and earlier versions,PLK-UL00C17B220 and earlier versions,ATH-AL00C00B210 and earlier versions,ATH-AL00C92B200 and earlier versions,ATH-CL00C92B210 and earlier versions,ATH-TL00C01B210 and earlier versions,ATH-TL00HC01B210 and earlier versions,ATH-UL00C00B210 and earlier versions,RIO-AL00C00B220 and earlier versions,RIO-CL00C92B220 and earlier versions,RIO-TL00C01B220 and earlier versions,RIO-UL00C00B220 and earlier versions have a privilege elevation vulnerability. An attacker may exploit it to launch command injection in order to gain elevated privileges.

Published

2017-11-22T19:29:00.333

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 7.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-77

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	huawei	p8_lite_firmware	≤ ale-l02c635b140	Yes
Hardware	huawei	p8_lite	-	No
Operating System	huawei	p8_lite_firmware	≤ ale-l02c636b140	Yes
Hardware	huawei	p8_lite	-	No
Operating System	huawei	p8_lite_firmware	≤ ale-l21c10b150	Yes
Hardware	huawei	p8_lite	-	No
Operating System	huawei	p8_lite_firmware	≤ ale-l21c185b200	Yes
Hardware	huawei	p8_lite	-	No
Operating System	huawei	p8_lite_firmware	≤ ale-l21c432b214	Yes
Hardware	huawei	p8_lite	-	No
Operating System	huawei	p8_lite_firmware	≤ ale-l21c464b150	Yes
Hardware	huawei	p8_lite	-	No
Operating System	huawei	p8_lite_firmware	≤ ale-l21c636b200	Yes
Hardware	huawei	p8_lite	-	No
Operating System	huawei	p8_lite_firmware	≤ ale-l23c605b190	Yes
Hardware	huawei	p8_lite	-	No
Operating System	huawei	p8_lite_firmware	≤ ale-tl00c01b250	Yes
Hardware	huawei	p8_lite	-	No
Operating System	huawei	p8_lite_firmware	≤ ale-ul00c00b250.	Yes
Hardware	huawei	p8_lite	-	No
Operating System	huawei	mate_7_firmware	≤ mt7-l09c605b325	Yes
Hardware	huawei	mate_7	-	No
Operating System	huawei	mate_7_firmware	≤ mt7-l09c900b339	Yes
Hardware	huawei	mate_7	-	No
Operating System	huawei	mate_7_firmware	≤ mt7-tl10c900b339	Yes
Hardware	huawei	mate_7	-	No
Operating System	huawei	mate_s_firmware	≤ crr-cl00c92b172	Yes
Hardware	huawei	mate_s	-	No
Operating System	huawei	mate_s_firmware	≤ crr-l09c432b180	Yes
Hardware	huawei	mate_s	-	No
Operating System	huawei	mate_s_firmware	≤ crr-tl00c01b172	Yes
Hardware	huawei	mate_s	-	No
Operating System	huawei	mate_s_firmware	≤ crr-ul00c00b172	Yes
Hardware	huawei	mate_s	-	No
Operating System	huawei	mate_s_firmware	≤ crr-ul20c432b171	Yes
Hardware	huawei	mate_s	-	No
Operating System	huawei	p8_firmware	≤ gra-cl00c92b230	Yes
Hardware	huawei	p8	-	No
Operating System	huawei	p8_firmware	≤ gra-l09c432b222	Yes
Hardware	huawei	p8	-	No
Operating System	huawei	p8_firmware	≤ gra-tl00c01b230sp01	Yes
Hardware	huawei	p8	-	No
Operating System	huawei	p8_firmware	≤ gra-ul00c00b230	Yes
Hardware	huawei	p8	-	No
Operating System	huawei	p8_firmware	≤ gra-ul00c10b201	Yes
Hardware	huawei	p8	-	No
Operating System	huawei	p8_firmware	≤ gra-ul00c432b220	Yes
Hardware	huawei	p8	-	No
Operating System	huawei	honor_6_firmware	≤ h60-l04c10b523	Yes
Hardware	huawei	honor_6	-	No
Operating System	huawei	honor_6_firmware	≤ h60-l04c185b523	Yes
Hardware	huawei	honor_6	-	No
Operating System	huawei	honor_6_firmware	≤ h60-l04c636b527	Yes
Hardware	huawei	honor_6	-	No
Operating System	huawei	honor_6_firmware	≤ h60-l04c900b530	Yes
Hardware	huawei	honor_6	-	No
Operating System	huawei	honor_7_firmware	≤ plk-al10c00b220	Yes
Hardware	huawei	honor_7	-	No
Operating System	huawei	honor_7_firmware	≤ plk-al10c92b220	Yes
Hardware	huawei	honor_7	-	No
Operating System	huawei	honor_7_firmware	≤ plk-cl00c92b220	Yes
Hardware	huawei	honor_7	-	No
Operating System	huawei	honor_7_firmware	≤ plk-l01c10b140	Yes
Hardware	huawei	honor_7	-	No
Operating System	huawei	honor_7_firmware	≤ plk-l01c10b140	Yes
Hardware	huawei	honor_7	-	No
Operating System	huawei	honor_7_firmware	≤ plk-l01c432b187	Yes
Hardware	huawei	honor_7	-	No
Operating System	huawei	honor_7_firmware	≤ plk-l01c432b190	Yes
Hardware	huawei	honor_7	-	No
Operating System	huawei	honor_7_firmware	≤ plk-l01c636b130	Yes
Hardware	huawei	honor_7	-	No
Operating System	huawei	honor_7_firmware	≤ plk-tl00c01b220	Yes
Hardware	huawei	honor_7	-	No
Operating System	huawei	honor_7_firmware	≤ plk-tl01hc01b220	Yes
Hardware	huawei	honor_7	-	No
Operating System	huawei	honor_7_firmware	≤ plk-ul00c17b220	Yes
Hardware	huawei	honor_7	-	No
Operating System	huawei	shotx_firmware	≤ ath-al00c92b200	Yes
Hardware	huawei	shotx	-	No
Operating System	huawei	shotx_firmware	≤ ath-cl00c92b210	Yes
Hardware	huawei	shotx	-	No
Operating System	huawei	shotx_firmware	≤ ath-tl00c01b210	Yes
Hardware	huawei	shotx	-	No
Operating System	huawei	shotx_firmware	≤ ath-tl00hc01b210	Yes
Hardware	huawei	shotx	-	No
Operating System	huawei	shotx_firmware	≤ ath-ul00c00b210	Yes
Hardware	huawei	shotx	-	No
Operating System	huawei	shotx_firmware	≤ rio-al00c00b220	Yes
Hardware	huawei	shotx	-	No
Operating System	huawei	shotx_firmware	≤ ath-al00c00b210	Yes
Hardware	huawei	shotx	-	No
Operating System	huawei	g8_firmware	≤ rio-al00c00b220	Yes
Hardware	huawei	g8	-	No
Operating System	huawei	g8_firmware	≤ rio-cl00c92b220	Yes
Hardware	huawei	g8	-	No
Operating System	huawei	g8_firmware	≤ rio-tl00c01b220	Yes
Hardware	huawei	g8	-	No
Operating System	huawei	g8_firmware	≤ rio-ul00c00b220	Yes
Hardware	huawei	g8	-	No

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-emui-en Issue Tracking, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/95919 Third Party Advisory, VDB Entry ([email protected])
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-emui-en Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/95919 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)