CVE-2017-8153
Last modified
CVE-2017-8153 is a vulnerability of currently unknown severity. Huawei VMall (for Android) with the versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send out HTTP requests and execute JavaScript code in web pages without obtaining the Internet access permission. EPSS estimates a 0.61% chance of exploitation in the next 30 days.
Description
Huawei VMall (for Android) with the versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send out HTTP requests and execute JavaScript code in web pages without obtaining the Internet access permission. Successful exploit could lead to resource occupation or information leak.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Huawei | Vmall | < 1.5.8.5 |
References
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170901-01-smartphone-enIssue Tracking, Vendor Advisory
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170901-01-smartphone-enIssue Tracking, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-8153?
How severe is CVE-2017-8153?
How do I fix CVE-2017-8153?
Are you affected by CVE-2017-8153?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST