PT-2016-6696 · Huawei · Huawei Hisuite
Benjamin Gnahm
·
Published
2016-07-13
·
Updated
2018-10-09
·
CVE-2016-5821
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Huawei HiSuite versions prior to 4.0.4.204 ove (Out of China)
Huawei HiSuite versions prior to 4.0.4.301 (China)
Description
The issue allows local users to gain SYSTEM privileges via a Trojan horse
SspiCli.dll or USERENV.dll file or possibly other unspecified DLL files, due to a weak ACL for the HiSuite service directory.Recommendations
For versions prior to 4.0.4.204 ove (Out of China), update to version 4.0.4.204 ove or later.
For versions prior to 4.0.4.301 (China), update to version 4.0.4.301 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Huawei Hisuite