cnvd - cnvd-2016-11300

cnvd-2016-11300

Vulnerability from cnvd

Title: 华为UTPS存在权限提升漏洞

Description:

华为UTPS（Unified Terminal PC suite，也称Mobile Partner）是运行于PC上的管理数据卡的应用软件，提供数据卡设置、拨号连接、收发短信和管理电话本等功能。

华为UTPS存在一个服务路径未加引号的漏洞，导致UTPS服务的搜索路径会被截断。攻击者在搜索路径下放置一个可执行程序，该程序运行后可以获得权限提升。

Severity: 中

Patch Name: 华为UTPS存在权限提升漏洞的补丁

Patch Description:

华为UTPS（Unified Terminal PC suite，也称Mobile Partner）是运行于PC上的管理数据卡的应用软件，提供数据卡设置、拨号连接、收发短信和管理电话本等功能。

华为UTPS存在一个服务路径未加引号的漏洞，导致UTPS服务的搜索路径会被截断。攻击者在搜索路径下放置一个可执行程序，该程序运行后可以获得权限提升。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

用户可参考如下厂商提供的安全补丁以修复该漏洞： http://www.huawei.com/cn/psirt/security-advisories/2016/huawei-sa-20161116-01-utps-cn

Reference: http://www.huawei.com/cn/psirt/security-advisories/2016/huawei-sa-20161116-01-utps-cn

Impacted products

Name
Huawei UTPS <UTPS-V200R003B015D16SPC00C983

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "94403"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-8769"
    }
  },
  "description": "\u534e\u4e3aUTPS\uff08Unified Terminal PC suite\uff0c\u4e5f\u79f0Mobile Partner\uff09\u662f\u8fd0\u884c\u4e8ePC\u4e0a\u7684\u7ba1\u7406\u6570\u636e\u5361\u7684\u5e94\u7528\u8f6f\u4ef6\uff0c\u63d0\u4f9b\u6570\u636e\u5361\u8bbe\u7f6e\u3001\u62e8\u53f7\u8fde\u63a5\u3001\u6536\u53d1\u77ed\u4fe1\u548c\u7ba1\u7406\u7535\u8bdd\u672c\u7b49\u529f\u80fd\u3002\r\n\r\n\u534e\u4e3aUTPS\u5b58\u5728\u4e00\u4e2a\u670d\u52a1\u8def\u5f84\u672a\u52a0\u5f15\u53f7\u7684\u6f0f\u6d1e\uff0c\u5bfc\u81f4UTPS\u670d\u52a1\u7684\u641c\u7d22\u8def\u5f84\u4f1a\u88ab\u622a\u65ad\u3002\u653b\u51fb\u8005\u5728\u641c\u7d22\u8def\u5f84\u4e0b\u653e\u7f6e\u4e00\u4e2a\u53ef\u6267\u884c\u7a0b\u5e8f\uff0c\u8be5\u7a0b\u5e8f\u8fd0\u884c\u540e\u53ef\u4ee5\u83b7\u5f97\u6743\u9650\u63d0\u5347\u3002",
  "discovererName": "Dhruv Shah",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://www.huawei.com/cn/psirt/security-advisories/2016/huawei-sa-20161116-01-utps-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-11300",
  "openTime": "2016-11-18",
  "patchDescription": "\u534e\u4e3aUTPS\uff08Unified Terminal PC suite\uff0c\u4e5f\u79f0Mobile Partner\uff09\u662f\u8fd0\u884c\u4e8ePC\u4e0a\u7684\u7ba1\u7406\u6570\u636e\u5361\u7684\u5e94\u7528\u8f6f\u4ef6\uff0c\u63d0\u4f9b\u6570\u636e\u5361\u8bbe\u7f6e\u3001\u62e8\u53f7\u8fde\u63a5\u3001\u6536\u53d1\u77ed\u4fe1\u548c\u7ba1\u7406\u7535\u8bdd\u672c\u7b49\u529f\u80fd\u3002\r\n\r\n\u534e\u4e3aUTPS\u5b58\u5728\u4e00\u4e2a\u670d\u52a1\u8def\u5f84\u672a\u52a0\u5f15\u53f7\u7684\u6f0f\u6d1e\uff0c\u5bfc\u81f4UTPS\u670d\u52a1\u7684\u641c\u7d22\u8def\u5f84\u4f1a\u88ab\u622a\u65ad\u3002\u653b\u51fb\u8005\u5728\u641c\u7d22\u8def\u5f84\u4e0b\u653e\u7f6e\u4e00\u4e2a\u53ef\u6267\u884c\u7a0b\u5e8f\uff0c\u8be5\u7a0b\u5e8f\u8fd0\u884c\u540e\u53ef\u4ee5\u83b7\u5f97\u6743\u9650\u63d0\u5347\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u534e\u4e3aUTPS\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Huawei UTPS \u003cUTPS-V200R003B015D16SPC00C983"
  },
  "referenceLink": "http://www.huawei.com/cn/psirt/security-advisories/2016/huawei-sa-20161116-01-utps-cn",
  "serverity": "\u4e2d",
  "submitTime": "2016-11-18",
  "title": "\u534e\u4e3aUTPS\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CVE-2016-8769 (GCVE-0-2016-8769)

Vulnerability from cvelistv5

Published

2017-04-02 20:00

Modified

2024-09-16 22:21

Severity ?

CWE

unquoted service path

Summary

Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file in the search path of the affected service and obtain elevated privileges after the executable file is executed.

References

▼	URL	Tags
	http://www.security-geek.in/2017/02/07/0day-discovery-system-level-access-by-privilege-escalation-of-huawei-manufactured-airtel-photon-dongles/	x_refsource_MISC
	http://www.securityfocus.com/bid/94403	vdb-entry, x_refsource_BID
	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-utps-en	x_refsource_CONFIRM
	https://www.exploit-db.com/exploits/40807/	exploit, x_refsource_EXPLOIT-DB

Impacted products

	Vendor	Product	Version
	Huawei Technologies Co., Ltd.	Huawei UTPS	Version: earlier than UTPS-V200R003B015D16SPC00C983

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:35:01.051Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.security-geek.in/2017/02/07/0day-discovery-system-level-access-by-privilege-escalation-of-huawei-manufactured-airtel-photon-dongles/"
          },
          {
            "name": "94403",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94403"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-utps-en"
          },
          {
            "name": "40807",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/40807/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Huawei UTPS",
          "vendor": "Huawei Technologies Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "earlier than UTPS-V200R003B015D16SPC00C983"
            }
          ]
        }
      ],
      "datePublic": "2017-11-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file in the search path of the affected service and obtain elevated privileges after the executable file is executed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "unquoted service path",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-02T09:57:01",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.security-geek.in/2017/02/07/0day-discovery-system-level-access-by-privilege-escalation-of-huawei-manufactured-airtel-photon-dongles/"
        },
        {
          "name": "94403",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94403"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-utps-en"
        },
        {
          "name": "40807",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/40807/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "DATE_PUBLIC": "2017-11-15T00:00:00",
          "ID": "CVE-2016-8769",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Huawei UTPS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "earlier than UTPS-V200R003B015D16SPC00C983"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Huawei Technologies Co., Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file in the search path of the affected service and obtain elevated privileges after the executable file is executed."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "unquoted service path"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.security-geek.in/2017/02/07/0day-discovery-system-level-access-by-privilege-escalation-of-huawei-manufactured-airtel-photon-dongles/",
              "refsource": "MISC",
              "url": "http://www.security-geek.in/2017/02/07/0day-discovery-system-level-access-by-privilege-escalation-of-huawei-manufactured-airtel-photon-dongles/"
            },
            {
              "name": "94403",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94403"
            },
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-utps-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-utps-en"
            },
            {
              "name": "40807",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/40807/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2016-8769",
    "datePublished": "2017-04-02T20:00:00Z",
    "dateReserved": "2016-10-18T00:00:00",
    "dateUpdated": "2024-09-16T22:21:07.830Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted