OpenCVE

Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file in the search path of the affected service and obtain elevated privileges after the executable file is executed.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	Utps Firmware

Configuration 1 [-]

cpe:2.3:o:huawei:utps_firmware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-utps-en
http://www.security-geek.in/2017/02/07/0day-discovery-system-level-access-by-privilege-escalation-of-huawei-manufactured-airtel-photon-dongles/
http://www.securityfocus.com/bid/94403
https://www.exploit-db.com/exploits/40807/

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2017-04-02T20:00:00Z

Updated: 2024-09-16T22:21:07.830Z

Reserved: 2016-10-18T00:00:00

Link: CVE-2016-8769

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-04-02T20:59:01.390

Modified: 2024-11-21T03:00:01.440

Link: CVE-2016-8769

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Huawei UTPS", "vendor": "Huawei Technologies Co., Ltd.", "versions": [{"status": "affected", "version": "earlier than UTPS-V200R003B015D16SPC00C983"}]}], "datePublic": "2017-11-15T00:00:00", "descriptions": [{"lang": "en", "value": "Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file in the search path of the affected service and obtain elevated privileges after the executable file is executed."}], "problemTypes": [{"descriptions": [{"description": "unquoted service path", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-02T09:57:01", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.security-geek.in/2017/02/07/0day-discovery-system-level-access-by-privilege-escalation-of-huawei-manufactured-airtel-photon-dongles/"}, {"name": "94403", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94403"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-utps-en"}, {"name": "40807", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/40807/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "DATE_PUBLIC": "2017-11-15T00:00:00", "ID": "CVE-2016-8769", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Huawei UTPS", "version": {"version_data": [{"version_value": "earlier than UTPS-V200R003B015D16SPC00C983"}]}}]}, "vendor_name": "Huawei Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file in the search path of the affected service and obtain elevated privileges after the executable file is executed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "unquoted service path"}]}]}, "references": {"reference_data": [{"name": "http://www.security-geek.in/2017/02/07/0day-discovery-system-level-access-by-privilege-escalation-of-huawei-manufactured-airtel-photon-dongles/", "refsource": "MISC", "url": "http://www.security-geek.in/2017/02/07/0day-discovery-system-level-access-by-privilege-escalation-of-huawei-manufactured-airtel-photon-dongles/"}, {"name": "94403", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94403"}, {"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-utps-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-utps-en"}, {"name": "40807", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/40807/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:35:01.051Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.security-geek.in/2017/02/07/0day-discovery-system-level-access-by-privilege-escalation-of-huawei-manufactured-airtel-photon-dongles/"}, {"name": "94403", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94403"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-utps-en"}, {"name": "40807", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/40807/"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2016-8769", "datePublished": "2017-04-02T20:00:00Z", "dateReserved": "2016-10-18T00:00:00", "dateUpdated": "2024-09-16T22:21:07.830Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:utps_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F8526F6-4933-4165-A487-C0A528EB1C5C", "versionEndIncluding": "v200r003b015d15sp00c983", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file in the search path of the affected service and obtain elevated privileges after the executable file is executed."}, {"lang": "es", "value": "Huawei UTPS en versiones anteriores a UTPS-V200R003B015D16SPC00C983 tiene una vulnerabilidad de ruta de servicio no citada lo que pude conducir al truncamiento de rutas de consulta de servicio UTPS. Un atacante puede poner un archivo ejecutable en la ruta de b\u00fasqueda y obtener privilegios elevados despu\u00e9s de ejecutar el archivo ejecutable."}], "id": "CVE-2016-8769", "lastModified": "2024-11-21T03:00:01.440", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-02T20:59:01.390", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-utps-en"}, {"source": "psirt@huawei.com", "tags": ["Third Party Advisory", "URL Repurposed"], "url": "http://www.security-geek.in/2017/02/07/0day-discovery-system-level-access-by-privilege-escalation-of-huawei-manufactured-airtel-photon-dongles/"}, {"source": "psirt@huawei.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94403"}, {"source": "psirt@huawei.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/40807/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-utps-en"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "URL Repurposed"], "url": "http://www.security-geek.in/2017/02/07/0day-discovery-system-level-access-by-privilege-escalation-of-huawei-manufactured-airtel-photon-dongles/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94403"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/40807/"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}