CVE-2017-2692

CVSS V2 Medium 6.8 CVSS V3 High 7.8

Description

The Keyguard application in ALE-L02C635B140 and earlier versions,ALE-L02C636B140 and earlier versions,ALE-L21C10B150 and earlier versions,ALE-L21C185B200 and earlier versions,ALE-L21C432B214 and earlier versions,ALE-L21C464B150 and earlier versions,ALE-L21C636B200 and earlier versions,ALE-L23C605B190 and earlier versions,ALE-TL00C01B250 and earlier versions,ALE-UL00C00B250 and earlier versions,MT7-L09C605B325 and earlier versions,MT7-L09C900B339 and earlier versions,MT7-TL10C900B339 and earlier versions,CRR-CL00C92B172 and earlier versions,CRR-L09C432B180 and earlier versions,CRR-TL00C01B172 and earlier versions,CRR-UL00C00B172 and earlier versions,CRR-UL20C432B171 and earlier versions,GRA-CL00C92B230 and earlier versions,GRA-L09C432B222 and earlier versions,GRA-TL00C01B230SP01 and earlier versions,GRA-UL00C00B230 and earlier versions,GRA-UL00C10B201 and earlier versions,GRA-UL00C432B220 and earlier versions,H60-L04C10B523 and earlier versions,H60-L04C185B523 and earlier versions,H60-L04C636B527 and earlier versions,H60-L04C900B530 and earlier versions,PLK-AL10C00B220 and earlier versions,PLK-AL10C92B220 and earlier versions,PLK-CL00C92B220 and earlier versions,PLK-L01C10B140 and earlier versions,PLK-L01C185B130 and earlier versions,PLK-L01C432B187 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C636B130 and earlier versions,PLK-TL00C01B220 and earlier versions,PLK-TL01HC01B220 and earlier versions,PLK-UL00C17B220 and earlier versions,ATH-AL00C00B210 and earlier versions,ATH-AL00C92B200 and earlier versions,ATH-CL00C92B210 and earlier versions,ATH-TL00C01B210 and earlier versions,ATH-TL00HC01B210 and earlier versions,ATH-UL00C00B210 and earlier versions,RIO-AL00C00B220 and earlier versions,RIO-CL00C92B220 and earlier versions,RIO-TL00C01B220 and earlier versions,RIO-UL00C00B220 and earlier versions have a privilege elevation vulnerability. An attacker may exploit it to launch command injection in order to gain elevated privileges.

Overview

CVE ID
CVE-2017-2692

Assigner
psirt@huawei.com

Vulnerability Status
Analyzed

Published Version
2017-11-22T19:29:00

Last Modified Date
2017-12-07T18:56:07

Weakness Enumerations

CWE	URL
CWE-77	http://cwe.mitre.org/data/definitions/77.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version End
		AND
cpe:2.3:o:huawei:p8_lite_firmware::::::::	1	OR	ale-l02c635b140
cpe:2.3:h:huawei:p8_lite:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:p8_lite_firmware::::::::	1	OR	ale-l02c636b140
cpe:2.3:h:huawei:p8_lite:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:p8_lite_firmware::::::::	1	OR	ale-l21c10b150
cpe:2.3:h:huawei:p8_lite:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:p8_lite_firmware::::::::	1	OR	ale-l21c185b200
cpe:2.3:h:huawei:p8_lite:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:p8_lite_firmware::::::::	1	OR	ale-l21c432b214
cpe:2.3:h:huawei:p8_lite:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:p8_lite_firmware::::::::	1	OR	ale-l21c464b150
cpe:2.3:h:huawei:p8_lite:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:p8_lite_firmware::::::::	1	OR	ale-l21c636b200
cpe:2.3:h:huawei:p8_lite:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:p8_lite_firmware::::::::	1	OR	ale-l23c605b190
cpe:2.3:h:huawei:p8_lite:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:p8_lite_firmware::::::::	1	OR	ale-tl00c01b250
cpe:2.3:h:huawei:p8_lite:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:p8_lite_firmware::::::::	1	OR	ale-ul00c00b250.
cpe:2.3:h:huawei:p8_lite:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:mate_7_firmware::::::::	1	OR	mt7-l09c605b325
cpe:2.3:h:huawei:mate_7:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:mate_7_firmware::::::::	1	OR	mt7-l09c900b339
cpe:2.3:h:huawei:mate_7:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:mate_7_firmware::::::::	1	OR	mt7-tl10c900b339
cpe:2.3:h:huawei:mate_7:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:mate_s_firmware::::::::	1	OR	crr-cl00c92b172
cpe:2.3:h:huawei:mate_s:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:mate_s_firmware::::::::	1	OR	crr-l09c432b180
cpe:2.3:h:huawei:mate_s:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:mate_s_firmware::::::::	1	OR	crr-tl00c01b172
cpe:2.3:h:huawei:mate_s:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:mate_s_firmware::::::::	1	OR	crr-ul00c00b172
cpe:2.3:h:huawei:mate_s:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:mate_s_firmware::::::::	1	OR	crr-ul20c432b171
cpe:2.3:h:huawei:mate_s:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:p8_firmware::::::::	1	OR	gra-cl00c92b230
cpe:2.3:h:huawei:p8:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:p8_firmware::::::::	1	OR	gra-l09c432b222
cpe:2.3:h:huawei:p8:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:p8_firmware::::::::	1	OR	gra-tl00c01b230sp01
cpe:2.3:h:huawei:p8:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:p8_firmware::::::::	1	OR	gra-ul00c00b230
cpe:2.3:h:huawei:p8:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:p8_firmware::::::::	1	OR	gra-ul00c10b201
cpe:2.3:h:huawei:p8:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:p8_firmware::::::::	1	OR	gra-ul00c432b220
cpe:2.3:h:huawei:p8:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:honor_6_firmware::::::::	1	OR	h60-l04c10b523
cpe:2.3:h:huawei:honor_6:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:honor_6_firmware::::::::	1	OR	h60-l04c185b523
cpe:2.3:h:huawei:honor_6:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:honor_6_firmware::::::::	1	OR	h60-l04c636b527
cpe:2.3:h:huawei:honor_6:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:honor_6_firmware::::::::	1	OR	h60-l04c900b530
cpe:2.3:h:huawei:honor_6:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:honor_7_firmware::::::::	1	OR	plk-al10c00b220
cpe:2.3:h:huawei:honor_7:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:honor_7_firmware::::::::	1	OR	plk-al10c92b220
cpe:2.3:h:huawei:honor_7:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:honor_7_firmware::::::::	1	OR	plk-cl00c92b220
cpe:2.3:h:huawei:honor_7:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:honor_7_firmware::::::::	1	OR	plk-l01c10b140
cpe:2.3:h:huawei:honor_7:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:honor_7_firmware::::::::	1	OR	plk-l01c10b140
cpe:2.3:h:huawei:honor_7:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:honor_7_firmware::::::::	1	OR	plk-l01c432b187
cpe:2.3:h:huawei:honor_7:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:honor_7_firmware::::::::	1	OR	plk-l01c432b190
cpe:2.3:h:huawei:honor_7:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:honor_7_firmware::::::::	1	OR	plk-l01c636b130
cpe:2.3:h:huawei:honor_7:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:honor_7_firmware::::::::	1	OR	plk-tl00c01b220
cpe:2.3:h:huawei:honor_7:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:honor_7_firmware::::::::	1	OR	plk-tl01hc01b220
cpe:2.3:h:huawei:honor_7:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:honor_7_firmware::::::::	1	OR	plk-ul00c17b220
cpe:2.3:h:huawei:honor_7:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:shotx_firmware::::::::	1	OR	ath-al00c92b200
cpe:2.3:h:huawei:shotx:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:shotx_firmware::::::::	1	OR	ath-cl00c92b210
cpe:2.3:h:huawei:shotx:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:shotx_firmware::::::::	1	OR	ath-tl00c01b210
cpe:2.3:h:huawei:shotx:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:shotx_firmware::::::::	1	OR	ath-tl00hc01b210
cpe:2.3:h:huawei:shotx:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:shotx_firmware::::::::	1	OR	ath-ul00c00b210
cpe:2.3:h:huawei:shotx:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:shotx_firmware::::::::	1	OR	rio-al00c00b220
cpe:2.3:h:huawei:shotx:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:shotx_firmware::::::::	1	OR	ath-al00c00b210
cpe:2.3:h:huawei:shotx:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:g8_firmware::::::::	1	OR	rio-al00c00b220
cpe:2.3:h:huawei:g8:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:g8_firmware::::::::	1	OR	rio-cl00c92b220
cpe:2.3:h:huawei:g8:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:g8_firmware::::::::	1	OR	rio-tl00c01b220
cpe:2.3:h:huawei:g8:-:::::::*	0	OR
		AND
cpe:2.3:o:huawei:g8_firmware::::::::	1	OR	rio-ul00c00b220
cpe:2.3:h:huawei:g8:-:::::::*	0	OR

CVSS Version 2

Version
2.0

Vector String
AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector
NETWORK

Access Compatibility
MEDIUM

Authentication
NONE

Confidentiality Impact
PARTIAL

Integrity Impact
PARTIAL

Availability Impact
PARTIAL

Base Score
6.8

Severity
MEDIUM

Exploitability Score
8.6

Impact Score
6.4

CVSS Version 3

Version
3.0

Vector String
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector
LOCAL

Attack Compatibility
LOW

Privileges Required
NONE

User Interaction
REQUIRED

Scope
UNCHANGED

Confidentiality Impact
HIGH

Availability Impact
HIGH

Base Score
7.8

Base Severity
HIGH

Exploitability Score
1.8

Impact Score
5.9

References

Reference URL	Reference Tags
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-emui-en	Issue Tracking Vendor Advisory
http://www.securityfocus.com/bid/95919	Third Party Advisory VDB Entry

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2017-2692
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2692

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 08:09:40				Added to TrackCVE
2022-12-02 23:19:19	2017-11-22T19:29Z	2017-11-22T19:29:00	CVE Published Date	updated
2022-12-02 23:19:19		2017-12-07T18:56:07	CVE Modified Date	updated
2022-12-02 23:19:20		Analyzed	Vulnerability Status	updated