Vulnerability Description
The Huawei Themes APP in versions earlier than PLK-UL00C17B385, versions earlier than CRR-L09C432B380, versions earlier than LYO-L21C577B128 has a privilege elevation vulnerability. An attacker could exploit this vulnerability to upload theme packs containing malicious files and trick users into installing the theme packets, resulting in the execution of arbitrary code.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | Honor 7 Firmware | < plk-ul00c17b385 |
| Huawei | Honor 7 | - |
| Huawei | Mate S Firmware | < crr-l09c432b380 |
| Huawei | Mate S | - |
| Huawei | Lyo-L21 Firmware | < lyo-l21c577b128 |
| Huawei | Lyo-L21 | - |
Related Weaknesses (CWE)
References
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170222-01-theme-eVendor Advisory
- http://www.securityfocus.com/bid/96424Third Party AdvisoryVDB Entry
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170222-01-theme-eVendor Advisory
- http://www.securityfocus.com/bid/96424Third Party AdvisoryVDB Entry
FAQ
What is CVE-2017-2699?
CVE-2017-2699 is a vulnerability with a CVSS score of 7.8 (HIGH). The Huawei Themes APP in versions earlier than PLK-UL00C17B385, versions earlier than CRR-L09C432B380, versions earlier than LYO-L21C577B128 has a privilege elevation vulnerability. An attacker could ...
How severe is CVE-2017-2699?
CVE-2017-2699 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-2699?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei Honor 7 Firmware, Huawei Honor 7, Huawei Mate S Firmware, Huawei Mate S, Huawei Lyo-L21 Firmware.