Permission Issues

CVE-2017-2694

Low

3.3/10

Summary

The AlarmService component in HwVmall with software earlier than 1.5.2.0 versions has no control over calling permissions, allowing any third party to call. An attacker can construct a malicious application to call it. Consequently, alert music will be played suddenly, compromising user experience.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-275 - Permission Issues

Weaknesses in this category are related to improper assignment or handling of permissions.

References

Advisory Timeline

Published Nov 22, 2017

Permission Issues

CVE-2017-2694

Summary

CWE-275 - Permission Issues

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS