cnvd-2017-01540
Vulnerability from cnvd

Title: Huawei EMUI权限提升漏洞

Description:

Huawei EMUI是中国华为(Huawei)公司开发的一套基于Android平台的智能终端人机交互系统。

Huawei EMUI存在权限提升漏洞,该漏洞源于未能充分检查keyguard应用中特定参数。攻击者可通过诱使用户安装恶意应用程序利用该漏洞注入任意命令,获取提升权限。

Severity:

Patch Name: Huawei EMUI权限提升漏洞的补丁

Patch Description:

Huawei EMUI是中国华为(Huawei)公司开发的一套基于Android平台的智能终端人机交互系统。

Huawei EMUI存在权限提升漏洞,该漏洞源于未能充分检查keyguard应用中特定参数。攻击者可通过诱使用户安装恶意应用程序利用该漏洞注入任意命令,获取提升权限。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序,请及时关注更新: http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170125-01-emui-en

Reference: http://www.securityfocus.com/bid/95919 http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170125-01-emui-cn

Impacted products
Name
['Huawei P8 <=GRA-UL00C00B230', 'Huawei P8 <=GRA-CL00C92B230', 'Huawei EMUI 3.1', 'Huawei 麦芒4 <=RIO-CL00C92B220', 'Huawei 麦芒4 <=RIO-TL00C01B220', 'Huawei 麦芒4 <=RIO-UL00C00B220', 'Huawei 麦芒4 <=RIO-AL00C00B220', 'Huawei 荣耀7i <=ATH-AL00C00B210', 'Huawei 荣耀7i <=ATH-AL00C92B200', 'Huawei 荣耀7i <=ATH-CL00C92B210', 'Huawei 荣耀7i <=ATH-TL00C01B210', 'Huawei 荣耀7i <=ATH-TL00HC01B210', 'Huawei 荣耀7i <=ATH-UL00C00B210', 'Huawei 荣耀6 <=H60-L04C10B523', 'Huawei 荣耀6 <=H60-L04C185B523', 'Huawei 荣耀6 <=H60-L04C636B527', 'Huawei 荣耀6 <=H60-L04C900B530', 'Huawei 荣耀7 <=CL00C92B220', 'Huawei 荣耀7 <=L01C10B140', 'Huawei 荣耀7 <=L01C185B130', 'Huawei 荣耀7 <=L01C432B187', 'Huawei 荣耀7 <=L01C432B190', 'Huawei 荣耀7 <=L01C636B130', 'Huawei 荣耀7 <=TL00C01B220', 'Huawei 荣耀7 <=TL01HC01B220', 'Huawei 荣耀7 <=UL00C17B220', 'Huawei Mate S <=CRR-CL00C92B172', 'Huawei Mate S <=CRR-L09C432B180', 'Huawei Mate S <=CRR-TL00C01B172', 'Huawei Mate S <=CRR-UL00C00B172', 'Huawei Mate S <=CRR-UL20C432B171', 'Huawei P8 <=GRA-L09C432B222', 'Huawei P8 <=GRA-TL00C01B230SP01', 'Huawei P8 <=GRA-UL00C10B201', 'Huawei P8 <=GRA-UL00C432B220', 'Huawei Mate 7 <=MT7-L09C605B325', 'Huawei Mate 7 <=MT7-L09C900B339', 'Huawei Mate 7 <=MT7-TL10C900B339', 'Huawei P8青春版 <=ALE-L02C635B140', 'Huawei P8青春版 <=ALE-L02C636B140', 'Huawei P8青春版 <=ALE-L21C10B150', 'Huawei P8青春版 <=ALE-L21C185B200', 'Huawei P8青春版 <=ALE-L21C432B214', 'Huawei P8青春版 <=ALE-L21C464B150', 'Huawei P8青春版 <=ALE-L21C636B200', 'Huawei P8青春版 <=ALE-L23C605B190', 'Huawei P8青春版 <=ALE-TL00C01B250', 'Huawei P8青春版 <=ALE-UL00C00B250']
Show details on source website

To clipboard 

{
  "bids": {
    "bid": {
      "bidNumber": "95919"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2692"
    }
  },
  "description": "Huawei EMUI\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u5957\u57fa\u4e8eAndroid\u5e73\u53f0\u7684\u667a\u80fd\u7ec8\u7aef\u4eba\u673a\u4ea4\u4e92\u7cfb\u7edf\u3002\r\n\r\nHuawei EMUI\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u672a\u80fd\u5145\u5206\u68c0\u67e5keyguard\u5e94\u7528\u4e2d\u7279\u5b9a\u53c2\u6570\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u5b89\u88c5\u6076\u610f\u5e94\u7528\u7a0b\u5e8f\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610f\u547d\u4ee4\uff0c\u83b7\u53d6\u63d0\u5347\u6743\u9650\u3002",
  "discovererName": "Huawei",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170125-01-emui-en",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-01540",
  "openTime": "2017-02-20",
  "patchDescription": "Huawei EMUI\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u5957\u57fa\u4e8eAndroid\u5e73\u53f0\u7684\u667a\u80fd\u7ec8\u7aef\u4eba\u673a\u4ea4\u4e92\u7cfb\u7edf\u3002\r\n\r\nHuawei EMUI\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u672a\u80fd\u5145\u5206\u68c0\u67e5keyguard\u5e94\u7528\u4e2d\u7279\u5b9a\u53c2\u6570\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u5b89\u88c5\u6076\u610f\u5e94\u7528\u7a0b\u5e8f\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610f\u547d\u4ee4\uff0c\u83b7\u53d6\u63d0\u5347\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Huawei EMUI\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei P8 \u003c=GRA-UL00C00B230",
      "Huawei P8 \u003c=GRA-CL00C92B230",
      "Huawei EMUI 3.1",
      "Huawei \u9ea6\u82924  \u003c=RIO-CL00C92B220",
      "Huawei \u9ea6\u82924  \u003c=RIO-TL00C01B220",
      "Huawei \u9ea6\u82924  \u003c=RIO-UL00C00B220",
      "Huawei \u9ea6\u82924 \u003c=RIO-AL00C00B220",
      "Huawei \u8363\u80007i \u003c=ATH-AL00C00B210",
      "Huawei \u8363\u80007i  \u003c=ATH-AL00C92B200",
      "Huawei \u8363\u80007i  \u003c=ATH-CL00C92B210",
      "Huawei \u8363\u80007i  \u003c=ATH-TL00C01B210",
      "Huawei \u8363\u80007i  \u003c=ATH-TL00HC01B210",
      "Huawei \u8363\u80007i  \u003c=ATH-UL00C00B210",
      "Huawei \u8363\u80006 \u003c=H60-L04C10B523",
      "Huawei \u8363\u80006  \u003c=H60-L04C185B523",
      "Huawei \u8363\u80006  \u003c=H60-L04C636B527",
      "Huawei \u8363\u80006  \u003c=H60-L04C900B530",
      "Huawei \u8363\u80007  \u003c=CL00C92B220",
      "Huawei \u8363\u80007  \u003c=L01C10B140",
      "Huawei \u8363\u80007  \u003c=L01C185B130",
      "Huawei \u8363\u80007  \u003c=L01C432B187",
      "Huawei \u8363\u80007  \u003c=L01C432B190",
      "Huawei \u8363\u80007  \u003c=L01C636B130",
      "Huawei \u8363\u80007  \u003c=TL00C01B220",
      "Huawei \u8363\u80007  \u003c=TL01HC01B220",
      "Huawei \u8363\u80007  \u003c=UL00C17B220",
      "Huawei Mate S \u003c=CRR-CL00C92B172",
      "Huawei Mate S  \u003c=CRR-L09C432B180",
      "Huawei Mate S  \u003c=CRR-TL00C01B172",
      "Huawei Mate S  \u003c=CRR-UL00C00B172",
      "Huawei Mate S  \u003c=CRR-UL20C432B171",
      "Huawei P8 \u003c=GRA-L09C432B222",
      "Huawei P8  \u003c=GRA-TL00C01B230SP01",
      "Huawei P8  \u003c=GRA-UL00C10B201",
      "Huawei P8  \u003c=GRA-UL00C432B220",
      "Huawei Mate 7 \u003c=MT7-L09C605B325",
      "Huawei Mate 7  \u003c=MT7-L09C900B339",
      "Huawei Mate 7  \u003c=MT7-TL10C900B339",
      "Huawei P8\u9752\u6625\u7248 \u003c=ALE-L02C635B140",
      "Huawei P8\u9752\u6625\u7248  \u003c=ALE-L02C636B140",
      "Huawei P8\u9752\u6625\u7248  \u003c=ALE-L21C10B150",
      "Huawei P8\u9752\u6625\u7248  \u003c=ALE-L21C185B200",
      "Huawei P8\u9752\u6625\u7248  \u003c=ALE-L21C432B214",
      "Huawei P8\u9752\u6625\u7248  \u003c=ALE-L21C464B150",
      "Huawei P8\u9752\u6625\u7248  \u003c=ALE-L21C636B200",
      "Huawei P8\u9752\u6625\u7248  \u003c=ALE-L23C605B190",
      "Huawei P8\u9752\u6625\u7248  \u003c=ALE-TL00C01B250",
      "Huawei P8\u9752\u6625\u7248  \u003c=ALE-UL00C00B250"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/95919\r\nhttp://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170125-01-emui-cn",
  "serverity": "\u4e2d",
  "submitTime": "2017-02-10",
  "title": "Huawei EMUI\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.