PT-2017-15486 · Huawei · Huawei Themes App

Publicado

2017-11-22

Atualizado

2019-10-03

CVE-2017-2699

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Huawei Themes APP versions earlier than PLK-UL00C17B385 Huawei Themes APP versions earlier than CRR-L09C432B380 Huawei Themes APP versions earlier than LYO-L21C577B128

Description The issue allows an attacker to exploit a privilege elevation vulnerability to upload theme packs containing malicious files. This could trick users into installing the theme packets, resulting in the execution of arbitrary code.

Recommendations For versions earlier than PLK-UL00C17B385, update to a version PLK-UL00C17B385 or later. For versions earlier than CRR-L09C432B380, update to a version CRR-L09C432B380 or later. For versions earlier than LYO-L21C577B128, update to a version LYO-L21C577B128 or later.

Correção

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

CVE-2017-2699

Produtos afetados

Huawei Themes App

PT-2017-15486 · Huawei · Huawei Themes App

CVE-2017-2699

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4