Vulnerabilities > CVE-2017-8216 - Incorrect Authorization vulnerability in Huawei P10 Lite Firmware Warsawal00C00B180

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

huawei

CWE-863

NVD

Published: 2017-11-22

Updated: 2020-08-24

Summary

Warsaw Huawei Smart phones with software of versions earlier than Warsaw-AL00C00B180, versions earlier than Warsaw-TL10C01B180 have a permission control vulnerability. Due to improper authorization on specific processes, an attacker with the root privilege of a mobile Android system can exploit this vulnerability to obtain some information of the user.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei P10 Lite Firmware * Huawei P10 Lite Firmware Warsaw-Al00C00B180	2
Hardware	Huawei Huawei P10 Lite -	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170614-01-smartphone-en
http://www.securityfocus.com/bid/102190