PT-2016-6696 · Huawei · Huawei Hisuite
Benjamin Gnahm
·
Publicado
2016-07-13
·
Atualizado
2018-10-09
·
CVE-2016-5821
CVSS v3.1
7.8
Alta
| Vetor | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Huawei HiSuite versions prior to 4.0.4.204 ove (Out of China)
Huawei HiSuite versions prior to 4.0.4.301 (China)
Description
The issue allows local users to gain SYSTEM privileges via a Trojan horse
SspiCli.dll or USERENV.dll file or possibly other unspecified DLL files, due to a weak ACL for the HiSuite service directory.Recommendations
For versions prior to 4.0.4.204 ove (Out of China), update to version 4.0.4.204 ove or later.
For versions prior to 4.0.4.301 (China), update to version 4.0.4.301 or later.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Huawei Hisuite