First published: Wed Nov 22 2017(Updated: )
Mate 9 smartphones with software MHA-AL00AC00B125 have a privilege escalation vulnerability in Push module. An attacker tricks a user to save a rich media into message on the smart phone, which could be exploited to cause the attacker to delete message or fake user to send message.
Credit: psirt@huawei.com
Affected Software | Affected Version | How to fix |
---|---|---|
Huawei Mate 9 Firmware | <=mha-al00ac00b125 | |
Huawei Mate 9 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2017-2707.
The severity of CVE-2017-2707 is high with a CVSS score of 7.1.
Mate 9 smartphones with software MHA-AL00AC00B125 are affected by CVE-2017-2707.
An attacker can exploit CVE-2017-2707 by tricking a user to save a rich media into a message on the smartphone.
To mitigate CVE-2017-2707, users should update the software to a version that is not vulnerable.