Vulnerability Details : CVE-2017-2699
The Huawei Themes APP in versions earlier than PLK-UL00C17B385, versions earlier than CRR-L09C432B380, and versions earlier than LYO-L21C577B128 has a privilege elevation vulnerability. An attacker could exploit this vulnerability to upload theme packs containing malicious files and trick users into installing the theme packs, resulting in the execution of arbitrary code.
Products affected by CVE-2017-2699
- cpe:2.3:o:huawei:mate_s_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:honor_7_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:lyo-l21_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-2699
- 0.09%: Probability of exploitation activity in the next 30 days
- ~ 40%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-2699
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2017-2699
- The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-2699
- http://www.securityfocus.com/bid/96424
  Huawei Honor 7 and Mate S CVE-2017-2699 Arbitrary File Upload Vulnerability (Third Party Advisory; VDB Entry)
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170222-01-theme-en
  Security Advisory - Privilege Elevation Vulnerability Caused by Arbitrary File Upload in Huawei Themes (Vendor Advisory)