Vulnerability Description
The Keyguard application in ALE-L02C635B140 and earlier versions,ALE-L02C636B140 and earlier versions,ALE-L21C10B150 and earlier versions,ALE-L21C185B200 and earlier versions,ALE-L21C432B214 and earlier versions,ALE-L21C464B150 and earlier versions,ALE-L21C636B200 and earlier versions,ALE-L23C605B190 and earlier versions,ALE-TL00C01B250 and earlier versions,ALE-UL00C00B250 and earlier versions,MT7-L09C605B325 and earlier versions,MT7-L09C900B339 and earlier versions,MT7-TL10C900B339 and earlier versions,CRR-CL00C92B172 and earlier versions,CRR-L09C432B180 and earlier versions,CRR-TL00C01B172 and earlier versions,CRR-UL00C00B172 and earlier versions,CRR-UL20C432B171 and earlier versions,GRA-CL00C92B230 and earlier versions,GRA-L09C432B222 and earlier versions,GRA-TL00C01B230SP01 and earlier versions,GRA-UL00C00B230 and earlier versions,GRA-UL00C10B201 and earlier versions,GRA-UL00C432B220 and earlier versions,H60-L04C10B523 and earlier versions,H60-L04C185B523 and earlier versions,H60-L04C636B527 and earlier versions,H60-L04C900B530 and earlier versions,PLK-AL10C00B220 and earlier versions,PLK-AL10C92B220 and earlier versions,PLK-CL00C92B220 and earlier versions,PLK-L01C10B140 and earlier versions,PLK-L01C185B130 and earlier versions,PLK-L01C432B187 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C636B130 and earlier versions,PLK-TL00C01B220 and earlier versions,PLK-TL01HC01B220 and earlier versions,PLK-UL00C17B220 and earlier versions,ATH-AL00C00B210 and earlier versions,ATH-AL00C92B200 and earlier versions,ATH-CL00C92B210 and earlier versions,ATH-TL00C01B210 and earlier versions,ATH-TL00HC01B210 and earlier versions,ATH-UL00C00B210 and earlier versions,RIO-AL00C00B220 and earlier versions,RIO-CL00C92B220 and earlier versions,RIO-TL00C01B220 and earlier versions,RIO-UL00C00B220 and earlier versions have a privilege elevation vulnerability. An attacker may exploit it to launch command injection in order to gain elevated privileges.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | P8 Lite Firmware | <= ale-l02c635b140 |
| Huawei | P8 Lite | - |
| Huawei | Mate 7 Firmware | <= mt7-l09c605b325 |
| Huawei | Mate 7 | - |
| Huawei | Mate S Firmware | <= crr-cl00c92b172 |
| Huawei | Mate S | - |
| Huawei | P8 Firmware | <= gra-cl00c92b230 |
| Huawei | P8 | - |
| Huawei | Honor 6 Firmware | <= h60-l04c10b523 |
| Huawei | Honor 6 | - |
| Huawei | Honor 7 Firmware | <= plk-al10c00b220 |
| Huawei | Honor 7 | - |
| Huawei | Shotx Firmware | <= ath-al00c92b200 |
| Huawei | Shotx | - |
| Huawei | G8 Firmware | <= rio-al00c00b220 |
| Huawei | G8 | - |
Related Weaknesses (CWE)
References
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-emui-enIssue TrackingVendor Advisory
- http://www.securityfocus.com/bid/95919Third Party AdvisoryVDB Entry
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-emui-enIssue TrackingVendor Advisory
- http://www.securityfocus.com/bid/95919Third Party AdvisoryVDB Entry
FAQ
What is CVE-2017-2692?
CVE-2017-2692 is a vulnerability with a CVSS score of 7.8 (HIGH). The Keyguard application in ALE-L02C635B140 and earlier versions,ALE-L02C636B140 and earlier versions,ALE-L21C10B150 and earlier versions,ALE-L21C185B200 and earlier versions,ALE-L21C432B214 and earli...
How severe is CVE-2017-2692?
CVE-2017-2692 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-2692?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei P8 Lite Firmware, Huawei P8 Lite, Huawei Mate 7 Firmware, Huawei Mate 7, Huawei Mate S Firmware.