5 results (0.011 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Earlier than HiSuite 10.1.0.500 have a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker's choosing. Antes de HiSuite versión 10.1.0.500, se presenta una vulnerabilidad de secuestro DLL. Esta vulnerabilidad se presenta debido a que algún archivo DLL es cargado por HiSuite inapropiadamente. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-01-dllhijacking-en • CWE-427: Uncontrolled Search Path Element •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and earlier versions and HwBackup with earlier versions before 9.1.1.308 have a brute forcing encrypted backup data vulnerability. Huawei smartphone user backup information can be obtained by brute forcing the password for encrypting the backup. HiSuite con versiones 9.1.0.305 y anteriores y 9.1.0.305(MAC) y anteriores y HwBackup con versiones anteriores a 9.1.1.308, presentan una vulnerabilidad de datos de copia de seguridad encriptados por fuerza bruta. La información de la copia de seguridad del usuario del teléfono inteligente Huawei puede ser obtenida mediante fuerza bruta de la contraseña para cifrar la copia de seguridad. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-backup-en • CWE-307: Improper Restriction of Excessive Authentication Attempts •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

HiSuite 9.1.0.300 versions and earlier contains a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker's choosing that could execute arbitrary code. Las versiones HiSuite 9.1.0.300 y anteriores contiene un vulnerabilidad de secuestro DLL. Esta vulnerabilidad existe debido a algunos archivos DLL son cargados por HiSuite incorrectamente. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190612-01-dllhijacking-en • CWE-427: Uncontrolled Search Path Element •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

Huawei HiSuite before 4.0.4.204_ove (Out of China) and before 4.0.4.301 (China) use a weak ACL (FILE_WRITE_DATA for BUILTIN\Users) for the HiSuite service directory, which allows local users to gain SYSTEM privileges via a Trojan horse (1) SspiCli.dll or (2) USERENV.dll file or possibly other unspecified DLL files. Huawei HiSuite en versiones anteriores a 4.0.4.204_ove (fuera de China) y en versiones anteriores a 4.0.4.301 (China) utiliza un ACL débil (FILE_WRITE_DATA para BUILTIN\Users) para el directorio de servicio HiSuite, lo que permite a usuarios locales obtener privilegios SYSTEM a través de un archivo Troyano (1) SspiCli.dll o (2) USERENV.dll o posiblemente otros archivos DLL no especificados. A privilege escalation vulnerability was identified in the Huawei HiSuite software which can be used by a local user to elevate privileges to become the SYSTEM user. The root cause of the problem are insecure ACLs on the HandSet service directory which allows any authenticated user to place a crafted DLL file in that directory to perform a DLL hijacking attack. Versions 4.0.3.301 and below are affected. • http://packetstormsecurity.com/files/137733/Huawei-HiSuite-For-Windows-4.0.3.301-Privilege-Escalation.html http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160624-01-hisuite-en http://www.securityfocus.com/archive/1/538797/100/0/threaded http://www.securityfocus.com/bid/91418 https://labs.bluefrostsecurity.de/advisories/bfs-sa-2016-003 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0

Huawei HiSuite (In China) before 4.0.4.301 and (Out of China) before 4.0.4.204_ove allows remote attackers to install arbitrary apps on a connected phone via unspecified vectors. Huawei HiSuite (en China) en versiones anteriores a 4.0.4.301 y (fuera de China) en versiones anteriores a 4.0.4.204_ove permite a atacantes remotos instalar aplicaciones arbitrarias en un teléfono conectado a través de vectores no especificados. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160422-01-hisuite-en http://www.securityfocus.com/bid/92622 •