Vulnerability Details : CVE-2017-2693
ALE-L02C635B140 and earlier versions, ALE-L02C636B140 and earlier versions, ALE-L21C10B150 and earlier versions, ALE-L21C185B200 and earlier versions, ALE-L21C432B214 and earlier versions, ALE-L21C464B150 and earlier versions, ALE-L21C636B200 and earlier versions, ALE-L23C605B190 and earlier versions, ALE-TL00C01B250 and earlier versions, ALE-UL00C00B250 and earlier versions, MT7-L09C605B325 and earlier versions, MT7-L09C900B339 and earlier versions, MT7-TL10C900B339 and earlier versions, CRR-CL00C92B172 and earlier versions, CRR-L09C432B180 and earlier versions, CRR-TL00C01B172 and earlier versions, CRR-UL00C00B172 and earlier versions, CRR-UL20C432B171 and earlier versions, GRA-CL00C92B230 and earlier versions, GRA-L09C432B222 and earlier versions, GRA-TL00C01B230SP01 and earlier versions, GRA-UL00C00B230 and earlier versions, GRA-UL00C10B201 and earlier versions, GRA-UL00C432B220 and earlier versions, H60-L04C10B523 and earlier versions, H60-L04C185B523 and earlier versions, H60-L04C636B527 and earlier versions, H60-L04C900B530 and earlier versions, PLK-AL10C00B220 and earlier versions, PLK-AL10C92B220 and earlier versions, PLK-CL00C92B220 and earlier versions, PLK-L01C10B140 and earlier versions, PLK-L01C185B130 and earlier versions, PLK-L01C432B187 and earlier versions, PLK-L01C432B190 and earlier versions, PLK-L01C432B190 and earlier versions, PLK-L01C636B130 and earlier versions, PLK-TL00C01B220 and earlier versions, PLK-TL01HC01B220 and earlier versions, PLK-UL00C17B220 and earlier versions, ATH-AL00C00B210 and earlier versions, ATH-AL00C92B200 and earlier versions, ATH-CL00C92B210 and earlier versions, ATH-TL00C01B210 and earlier versions, ATH-TL00HC01B210 and earlier versions, ATH-UL00C00B210 and earlier versions, RIO-AL00C00B220 and earlier versions, RIO-CL00C92B220 and earlier versions, RIO-TL00C01B220 and earlier versions, RIO-UL00C00B220 and earlier versions have a path traversal vulnerability. An attacker may exploit it to decompress malicious files into a target path.
Vulnerability category: Directory traversal
Products affected by CVE-2017-2693
- cpe:2.3:o:huawei:p8_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:mate_7_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:mate_s_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:honor_6_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:p8_lite_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:honor_7_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:shotx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:g8_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-2693
- EPSS score: 0.06% (probability of exploitation activity in the next 30 days)
- Percentile: ~30% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2017-2693
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2017-2693
- The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-2693
- http://www.securityfocus.com/bid/95919
  Huawei EMUI Directory Traversal and Command Injection Vulnerabilities (Third Party Advisory; VDB Entry)
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-emui-en
  Security Advisory - Two Security Vulnerabilities in Huawei EMUI (Issue Tracking; Vendor Advisory)