CVE-2014-8358

Published Dec 11, 2017

Last updated 7 years ago

CVSS high 7.8

Overview

Description: Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the "Mobile Partner" directory, which allows remote attackers to gain SYSTEM privileges by compromising a low privilege account and modifying Mobile Partner.exe.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-426

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:ec156:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6ADF6AD7-D1E0-4F87-807E-4A81DE6AC180"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:ec156_firmware:v200r003b009d05sp03c1014:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39204510-F717-4680-971D-792323BCF4B7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:ec176:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "481CD8C2-22EC-4D89-8572-D19A966E4D34"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:ec176_firmware:v200r003b009d05sp03c1014:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "183D6AC8-25D6-4E00-9623-1D11F34AC83A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:ec177:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E506BDAF-B31B-45A8-9DF1-BEF0C40356B3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:ec177_firmware:v200r003b009d05sp03c1014:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EEEFCFEA-2EE4-484E-8825-F077839473E1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References