CVE-2014-8358 - OpenCVE

Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the "Mobile Partner" directory, which allows remote attackers to gain SYSTEM privileges by compromising a low privilege account and modifying Mobile Partner.exe.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	Ec156 Ec156 Firmware Ec176 Ec176 Firmware Ec177 Ec177 Firmware

Configuration 1 [-]

AND

cpe:2.3:h:huawei:ec156:-:*:*:*:*:*:*:*

cpe:2.3:o:huawei:ec156_firmware:v200r003b009d05sp03c1014:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:huawei:ec176:-:*:*:*:*:*:*:*

cpe:2.3:o:huawei:ec176_firmware:v200r003b009d05sp03c1014:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:huawei:ec177:-:*:*:*:*:*:*:*

cpe:2.3:o:huawei:ec177_firmware:v200r003b009d05sp03c1014:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.huawei.com/us/psirt/security-advisories/2014/hw-376152
http://www.securityfocus.com/bid/70672
https://packetstormsecurity.com/files/128767/Huawei-Mobile-Partner-DLL-Hijacking.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-12-11T21:00:00

Updated: 2024-08-06T13:18:47.299Z

Reserved: 2014-10-20T00:00:00

Link: CVE-2014-8358

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-12-11T21:29:00.237

Modified: 2017-12-29T14:18:04.417

Link: CVE-2014-8358

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-10-22T00:00:00", "descriptions": [{"lang": "en", "value": "Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the \"Mobile Partner\" directory, which allows remote attackers to gain SYSTEM privileges by compromising a low privilege account and modifying Mobile Partner.exe."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-11T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/us/psirt/security-advisories/2014/hw-376152"}, {"tags": ["x_refsource_MISC"], "url": "https://packetstormsecurity.com/files/128767/Huawei-Mobile-Partner-DLL-Hijacking.html"}, {"name": "70672", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/70672"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-8358", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the \"Mobile Partner\" directory, which allows remote attackers to gain SYSTEM privileges by compromising a low privilege account and modifying Mobile Partner.exe."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/us/psirt/security-advisories/2014/hw-376152", "refsource": "CONFIRM", "url": "http://www.huawei.com/us/psirt/security-advisories/2014/hw-376152"}, {"name": "https://packetstormsecurity.com/files/128767/Huawei-Mobile-Partner-DLL-Hijacking.html", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/128767/Huawei-Mobile-Partner-DLL-Hijacking.html"}, {"name": "70672", "refsource": "BID", "url": "http://www.securityfocus.com/bid/70672"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:18:47.299Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.huawei.com/us/psirt/security-advisories/2014/hw-376152"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://packetstormsecurity.com/files/128767/Huawei-Mobile-Partner-DLL-Hijacking.html"}, {"name": "70672", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/70672"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-8358", "datePublished": "2017-12-11T21:00:00", "dateReserved": "2014-10-20T00:00:00", "dateUpdated": "2024-08-06T13:18:47.299Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:ec156:-:*:*:*:*:*:*:*", "matchCriteriaId": "6ADF6AD7-D1E0-4F87-807E-4A81DE6AC180", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:ec156_firmware:v200r003b009d05sp03c1014:*:*:*:*:*:*:*", "matchCriteriaId": "39204510-F717-4680-971D-792323BCF4B7", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:ec176:-:*:*:*:*:*:*:*", "matchCriteriaId": "481CD8C2-22EC-4D89-8572-D19A966E4D34", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:ec176_firmware:v200r003b009d05sp03c1014:*:*:*:*:*:*:*", "matchCriteriaId": "183D6AC8-25D6-4E00-9623-1D11F34AC83A", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:ec177:-:*:*:*:*:*:*:*", "matchCriteriaId": "E506BDAF-B31B-45A8-9DF1-BEF0C40356B3", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:ec177_firmware:v200r003b009d05sp03c1014:*:*:*:*:*:*:*", "matchCriteriaId": "EEEFCFEA-2EE4-484E-8825-F077839473E1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the \"Mobile Partner\" directory, which allows remote attackers to gain SYSTEM privileges by compromising a low privilege account and modifying Mobile Partner.exe."}, {"lang": "es", "value": "Los m\u00f3dems USB Huawei EC156, EC176 y EC177 con software en versiones anteriores a la UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) y a la V200R003B015D02SP08C1014 (23.015.02.08.1014) emplean una lista de control de acceso (ACL) d\u00e9bil para el directorio \"Mobile Partner\". Esto permite que atacantes remotos obtengan privilegios SYSTEM comprometiendo una cuenta con pocos privilegios y modificando Mobile Partner.exe."}], "id": "CVE-2014-8358", "lastModified": "2017-12-29T14:18:04.417", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-12-11T21:29:00.237", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "http://www.huawei.com/us/psirt/security-advisories/2014/hw-376152"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/70672"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory", "VDB Entry"], "url": "https://packetstormsecurity.com/files/128767/Huawei-Mobile-Partner-DLL-Hijacking.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-426"}], "source": "nvd@nist.gov", "type": "Primary"}]}