CVE-2016-8769

moderate-risk
Published 2017-04-02

Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file in the search path of the affected service and obtain elevated privileges after the executable file is executed.

Do I need to act?

-
0.42% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
40807
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.7/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Affected Vendors

Huawei

References (8)

Vendor Advisory http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-utps-en
Third Party Advisory http://www.security-geek.in/2017/02/07/0day-discovery-system-level-access-by-pri...
Third Party Advisory http://www.securityfocus.com/bid/94403
Third Party Advisory https://www.exploit-db.com/exploits/40807/
Vendor Advisory http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-utps-en
Third Party Advisory http://www.security-geek.in/2017/02/07/0day-discovery-system-level-access-by-pri...
Third Party Advisory http://www.securityfocus.com/bid/94403
Third Party Advisory https://www.exploit-db.com/exploits/40807/
35
/ 100
moderate-risk
Severity 21/34 · High
Exploitability 9/34 · Low
Exposure 5/34 · Minimal