CVE-2017-2694 — LOW (3.3) — White Hats Nepal

Q: How severe is CVE-2017-2694?

CVE-2017-2694 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-2694?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Vmall.

Vulnerability Description

The AlarmService component in HwVmall with software earlier than 1.5.2.0 versions has no control over calling permissions, allowing any third party to call. An attacker can construct a malicious application to call it. Consequently, alert music will be played suddenly, compromising user experience.

CVSS Score

3.3

LOW

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Huawei	Vmall	< 1.5.2.0

Related Weaknesses (CWE)

CWE-275

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-vmall-eVendor Advisory
http://www.securityfocus.com/bid/95915Third Party AdvisoryVDB Entry
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-vmall-eVendor Advisory
http://www.securityfocus.com/bid/95915Third Party AdvisoryVDB Entry

FAQ

What is CVE-2017-2694?

CVE-2017-2694 is a vulnerability with a CVSS score of 3.3 (LOW). The AlarmService component in HwVmall with software earlier than 1.5.2.0 versions has no control over calling permissions, allowing any third party to call. An attacker can construct a malicious appli...

How severe is CVE-2017-2694?

CVE-2017-2694 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-2694?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Vmall.