CVE-2017-2693
Last modified
CVE-2017-2693 is a vulnerability of currently unknown severity. ALE-L02C635B140 and earlier versions,ALE-L02C636B140 and earlier versions,ALE-L21C10B150 and earlier versions,ALE-L21C185B200 and earlier versions,ALE-L21C432B214 and earlier versions,ALE-L21C464B150 and earlier versions,ALE-L21C636B200 and earlier versions,ALE-L23C605B190 and earlier versions,ALE-TL00C01B250 and earlier versions,ALE-UL00C00B250 and earlier versions,MT7-L09C605B325 and earlier versions,MT7-L09C900B339 and earlier versions,MT7-TL10C900B339 and earlier versions,CRR-CL00C92B172 and earlier versions,CRR-L09C432B180 and earlier versions,CRR-TL00C01B172 and earlier versions,CRR-UL00C00B172 and earlier versions,CRR-UL20C432B171 and earlier versions,GRA-CL00C92B230 and earlier versions,GRA-L09C432B222 and earlier versions,GRA-TL00C01B230SP01 and earlier versions,GRA-UL00C00B230 and earlier versions,GRA-UL00C10B201 and earlier versions,GRA-UL00C432B220 and earlier versions,H60-L04C10B523 and earlier versions,H60-L04C185B523 and earlier versions,H60-L04C636B527 and earlier versions,H60-L04C900B530 and earlier versions,PLK-AL10C00B220 and earlier versions,PLK-AL10C92B220 and earlier versions,PLK-CL00C92B220 and earlier versions,PLK-L01C10B140 and earlier versions,PLK-L01C185B130 and earlier versions,PLK-L01C432B187 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C636B130 and earlier versions,PLK-TL00C01B220 and earlier versions,PLK-TL01HC01B220 and earlier versions,PLK-UL00C17B220 and earlier versions,ATH-AL00C00B210 and earlier versions,ATH-AL00C92B200 and earlier versions,ATH-CL00C92B210 and earlier versions,ATH-TL00C01B210 and earlier versions,ATH-TL00HC01B210 and earlier versions,ATH-UL00C00B210 and earlier versions,RIO-AL00C00B220 and earlier versions,RIO-CL00C92B220 and earlier versions,RIO-TL00C01B220 and earlier versions,RIO-UL00C00B220 and earlier versions have a path traversal vulnerability. An attacker may exploit it to decompress malicious files into a target path.. EPSS estimates a 1.05% chance of exploitation in the next 30 days.
Description
ALE-L02C635B140 and earlier versions,ALE-L02C636B140 and earlier versions,ALE-L21C10B150 and earlier versions,ALE-L21C185B200 and earlier versions,ALE-L21C432B214 and earlier versions,ALE-L21C464B150 and earlier versions,ALE-L21C636B200 and earlier versions,ALE-L23C605B190 and earlier versions,ALE-TL00C01B250 and earlier versions,ALE-UL00C00B250 and earlier versions,MT7-L09C605B325 and earlier versions,MT7-L09C900B339 and earlier versions,MT7-TL10C900B339 and earlier versions,CRR-CL00C92B172 and earlier versions,CRR-L09C432B180 and earlier versions,CRR-TL00C01B172 and earlier versions,CRR-UL00C00B172 and earlier versions,CRR-UL20C432B171 and earlier versions,GRA-CL00C92B230 and earlier versions,GRA-L09C432B222 and earlier versions,GRA-TL00C01B230SP01 and earlier versions,GRA-UL00C00B230 and earlier versions,GRA-UL00C10B201 and earlier versions,GRA-UL00C432B220 and earlier versions,H60-L04C10B523 and earlier versions,H60-L04C185B523 and earlier versions,H60-L04C636B527 and earlier versions,H60-L04C900B530 and earlier versions,PLK-AL10C00B220 and earlier versions,PLK-AL10C92B220 and earlier versions,PLK-CL00C92B220 and earlier versions,PLK-L01C10B140 and earlier versions,PLK-L01C185B130 and earlier versions,PLK-L01C432B187 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C636B130 and earlier versions,PLK-TL00C01B220 and earlier versions,PLK-TL01HC01B220 and earlier versions,PLK-UL00C17B220 and earlier versions,ATH-AL00C00B210 and earlier versions,ATH-AL00C92B200 and earlier versions,ATH-CL00C92B210 and earlier versions,ATH-TL00C01B210 and earlier versions,ATH-TL00HC01B210 and earlier versions,ATH-UL00C00B210 and earlier versions,RIO-AL00C00B220 and earlier versions,RIO-CL00C92B220 and earlier versions,RIO-TL00C01B220 and earlier versions,RIO-UL00C00B220 and earlier versions have a path traversal vulnerability. An attacker may exploit it to decompress malicious files into a target path.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Huawei | P8 Lite Firmware | <= ale-l02c635b140 |
| Huawei | P8 Lite Firmware | <= ale-l02c636b140 |
| Huawei | P8 Lite Firmware | <= ale-l21c10b150 |
| Huawei | P8 Lite Firmware | <= ale-l21c185b200 |
| Huawei | P8 Lite Firmware | <= ale-l21c432b214 |
| Huawei | P8 Lite Firmware | <= ale-l21c464b150 |
| Huawei | P8 Lite Firmware | <= ale-l21c636b200 |
| Huawei | P8 Lite Firmware | <= ale-l23c605b190 |
| Huawei | P8 Lite Firmware | <= ale-tl00c01b250 |
| Huawei | P8 Lite Firmware | <= ale-ul00c00b250. |
| Huawei | Mate 7 Firmware | <= mt7-l09c605b325 |
| Huawei | Mate 7 Firmware | <= mt7-l09c900b339 |
| Huawei | Mate 7 Firmware | <= mt7-tl10c900b339 |
| Huawei | Mate S Firmware | <= crr-cl00c92b172 |
| Huawei | Mate S Firmware | <= crr-l09c432b180 |
| Huawei | Mate S Firmware | <= crr-tl00c01b172 |
| Huawei | Mate S Firmware | <= crr-ul00c00b172 |
| Huawei | Mate S Firmware | <= crr-ul20c432b171 |
| Huawei | P8 Firmware | <= gra-cl00c92b230 |
| Huawei | P8 Firmware | <= gra-l09c432b222 |
| Huawei | P8 Firmware | <= gra-tl00c01b230sp01 |
| Huawei | P8 Firmware | <= gra-ul00c00b230 |
| Huawei | P8 Firmware | <= gra-ul00c10b201 |
| Huawei | P8 Firmware | <= gra-ul00c432b220 |
| Huawei | Honor 6 Firmware | <= h60-l04c10b523 |
| Huawei | Honor 6 Firmware | <= h60-l04c185b523 |
| Huawei | Honor 6 Firmware | <= h60-l04c636b527 |
| Huawei | Honor 6 Firmware | <= h60-l04c900b530 |
| Huawei | Honor 7 Firmware | <= plk-al10c00b220 |
| Huawei | Honor 7 Firmware | <= plk-al10c92b220 |
| Huawei | Honor 7 Firmware | <= plk-cl00c92b220 |
| Huawei | Honor 7 Firmware | <= plk-l01c10b140 |
| Huawei | Honor 7 Firmware | <= plk-l01c432b187 |
| Huawei | Honor 7 Firmware | <= plk-l01c432b190 |
| Huawei | Honor 7 Firmware | <= plk-l01c636b130 |
| Huawei | Honor 7 Firmware | <= plk-tl00c01b220 |
| Huawei | Honor 7 Firmware | <= plk-tl01hc01b220 |
| Huawei | Honor 7 Firmware | <= plk-ul00c17b220 |
| Huawei | Shotx Firmware | <= ath-al00c92b200 |
| Huawei | Shotx Firmware | <= ath-cl00c92b210 |
| Huawei | Shotx Firmware | <= ath-tl00c01b210 |
| Huawei | Shotx Firmware | <= ath-tl00hc01b210 |
| Huawei | Shotx Firmware | <= ath-ul00c00b210 |
| Huawei | Shotx Firmware | <= rio-al00c00b220 |
| Huawei | Shotx Firmware | <= ath-al00c00b210 |
| Huawei | G8 Firmware | <= rio-al00c00b220 |
| Huawei | G8 Firmware | <= rio-cl00c92b220 |
| Huawei | G8 Firmware | <= rio-tl00c01b220 |
| Huawei | G8 Firmware | <= rio-ul00c00b220 |
References
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-emui-enIssue Tracking, Vendor Advisory
- http://www.securityfocus.com/bid/95919Third Party Advisory, VDB Entry
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-emui-enIssue Tracking, Vendor Advisory
- http://www.securityfocus.com/bid/95919Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-2693?
How severe is CVE-2017-2693?
How do I fix CVE-2017-2693?
Are you affected by CVE-2017-2693?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST