CVE-2017-2699

CWE-434 — Unrestricted File Upload3 documents3 sources

Severity

7.8HIGH

EPSS

0.2%

top 63.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Honor 7 Firmware Huawei Lyo-l21 Firmware Huawei Mate S Firmware

Timeline

PublishedNov 22

Latest updateMay 13

Description

The Huawei Themes APP in versions earlier than PLK-UL00C17B385, versions earlier than CRR-L09C432B380, versions earlier than LYO-L21C577B128 has a privilege elevation vulnerability. An attacker could exploit this vulnerability to upload theme packs containing malicious files and trick users into installing the theme packets, resulting in the execution of arbitrary code.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDhuawei/mate_s_firmware< crr-l09c432b380

▶NVDhuawei/honor_7_firmware< plk-ul00c17b385

▶NVDhuawei/lyo-l21_firmware< lyo-l21c577b128

🔴Vulnerability Details

GHSA

GHSA-gqq5-75vx-5rw6: The Huawei Themes APP in versions earlier than PLK-UL00C17B385, versions earlier than CRR-L09C432B380, versions earlier than LYO-L21C577B128 has a pri↗2022-05-13

▶

CVEList

CVE-2017-2699: The Huawei Themes APP in versions earlier than PLK-UL00C17B385, versions earlier than CRR-L09C432B380, versions earlier than LYO-L21C577B128 has a pri↗2017-11-22

▶