CVE-2017-2699 Information

Description

The Huawei Themes APP in versions earlier than PLK-UL00C17B385 versions earlier than CRR-L09C432B380 versions earlier than LYO-L21C577B128 has a privilege elevation vulnerability. An attacker could exploit this vulnerability to upload theme packs containing malicious files and trick users into installing the theme packets resulting in the execution of arbitrary code.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170222-01-theme-en http://www.securityfocus.com/bid/96424

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8