Vulnerability Details : CVE-2016-2855
The Huawei Mobile Broadband HL Service 22.001.25.00.03 and earlier uses a weak ACL for the MobileBrServ program data directory, which allows local users to gain SYSTEM privileges by modifying VERSION.dll.
Products affected by CVE-2016-2855
- cpe:2.3:a:huawei:mobile_broadband_hl_service:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-2855
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 22 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-2855
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
|
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2016-2855
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-2855
-
https://www.youtube.com/watch?v=MwtjE2PmEJU
YouTube
-
http://packetstormsecurity.com/files/137025/Huawei-Mobile-Broadband-HL-Service-22.001.25.00.03-Local-Privilege-Escalation.html
Huawei Mobile Broadband HL Service 22.001.25.00.03 Local Privilege Escalation ≈ Packet Storm
-
http://seclists.org/fulldisclosure/2016/May/34
Full Disclosure: Huawei Mobile Broadband HL Service Local Privilege Escalation
-
https://bogner.sh/2016/05/cve-2016-2855-huawei-mobile-broadband-hl-service-local-privilege-escalation/
CVE-2016-2855: Huawei Mobile Broadband HL Service Local Privilege Escalation » #bogner.sh
Jump to