Permission Issues

CVE-2017-8153

High

7.1/10

Summary

Huawei VMall (for Android) with the versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send out HTTP requests and execute JavaScript code in web pages without obtaining the Internet access permission. Successful exploit could lead to resource occupation or information leak.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-275 - Permission Issues

Weaknesses in this category are related to improper assignment or handling of permissions.

References

Advisory Timeline

Published Nov 22, 2017

Permission Issues

CVE-2017-8153

Summary

CWE-275 - Permission Issues

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS