Vendor | Huawei, www.huawei.com |
Affected Products | HiSuite for Windows |
Affected Versions | <= 4.0.3.301 |
CVE ID | CVE-2016-5821 |
OVE ID | OVE-20160624-0001 |
Severity | High |
Author | Benjamin Gnahm (@mitp0sh), Blue Frost Security GmbH |
I. Impact
II. Technical Details
C:\>cacls c:\programdata\HandSetService
c:\programdata\HandSetService NT AUTHORITY\SYSTEM:(OI)(CI)(ID)F
                              BUILTIN\Administrators:(OI)(CI)(ID)F
                              CREATOR OWNER:(OI)(CI)(IO)(ID)F
                              BUILTIN\Users:(OI)(CI)(ID)R
                              BUILTIN\Users:(CI)(ID)(special access:)
                                                    FILE_WRITE_DATA
                                                    FILE_APPEND_DATA
                                                    FILE_WRITE_EA
                                                    FILE_WRITE_ATTRIBUTES
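The listing above shows BUILTIN\Users holding FILE_WRITE_DATA and FILE_APPEND_DATA on the directory. As an added example (not part of the original advisory), the Python below parses cacls output of this shape and reports write-type rights held by principals outside a trusted set. The function names, the trusted set and the choice of rights counted as write-type are assumptions of the example; the sample input is the advisory's listing laid out one ACE per line.

```python
import re
# Constructed sample: the advisory's cacls listing, laid out one ACE per line.
SAMPLE = r"""c:\programdata\HandSetService NT AUTHORITY\SYSTEM:(OI)(CI)(ID)F
                              BUILTIN\Administrators:(OI)(CI)(ID)F
                              CREATOR OWNER:(OI)(CI)(IO)(ID)F
                              BUILTIN\Users:(OI)(CI)(ID)R
                              BUILTIN\Users:(CI)(ID)(special access:)
                                                    FILE_WRITE_DATA
                                                    FILE_APPEND_DATA
                                                    FILE_WRITE_EA
                                                    FILE_WRITE_ATTRIBUTES
"""
# principal:(inheritance flags)right; right is one letter or a "special access" header
ACE = re.compile(r"^(?P<who>[^:]+):(?P<flags>(?:\([A-Z]{2}\))*)"
                 r"(?P<right>[FRCWN]|\(special access:\))$")
# Assumption of this example: rights that allow creating or altering content.
WRITE_RIGHTS = {"F", "C", "W", "FILE_WRITE_DATA", "FILE_APPEND_DATA", "FILE_DELETE_CHILD",
                "DELETE", "WRITE_DAC", "WRITE_OWNER", "GENERIC_WRITE", "GENERIC_ALL"}
# Assumption of this example: principals expected to hold write access.
TRUSTED = {r"NT AUTHORITY\SYSTEM", r"BUILTIN\ADMINISTRATORS"}

def parse_cacls(text, path):
    """Return [(principal, flags, rights)] for each ACE in cacls output for `path`."""
    aces, special = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()      # the first line carries the path
        m = ACE.match(line)
        if m:
            special = m["right"].startswith("(")
            rights = [] if special else [m["right"]]
            aces.append((m["who"], re.findall(r"\((\w+)\)", m["flags"]), rights))
        elif line and special:
            aces[-1][2].append(line)             # right listed under "special access"
    return aces

def writable_by(aces, trusted=TRUSTED):
    """Untrusted principals holding write-type rights on the object itself."""
    out = []
    for who, flags, rights in aces:
        risky = sorted(r for r in rights if r in WRITE_RIGHTS)
        # (IO) marks an inherit-only ACE, which does not apply to this object.
        if risky and who.upper() not in trusted and "IO" not in flags:
            out.append((who, risky))
    return out

if __name__ == "__main__":
    print(writable_by(parse_cacls(SAMPLE, r"c:\programdata\HandSetService")))
```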
III. Mitigation
IV. Disclosure Timeline
2016-04-25 | Contacted Huawei PSIRT Team and sent the advisory |
2016-04-25 | Huawei confirmed the receipt of the advisory and started analysis |
2016-05-27 | Requested status update |
2016-06-13 | Requested status update again |
2016-06-14 | Huawei announced that the fix will happen in June |
2016-06-24 | Huawei released updated software versions and security advisory at: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160624-01-hisuite-en |
Unaltered electronic reproduction of this advisory is permitted. For all other reproduction or publication, in printing or otherwise, contact research@bluefrostsecurity.de for permission. Use of the advisory constitutes acceptance for use in an "as is" condition. All warranties are excluded. In no event shall Blue Frost Security be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Blue Frost Security has been advised of the possibility of such damages.
Copyright 2016 Blue Frost Security GmbH. All rights reserved. Terms of use apply.