Huawei HiSuite prior to 4.0.4.204_ove (Out of China) and prior to 4.0.4.301 (China) use a weak ACL (FILE_WRITE_DATA for BUILTIN\Users) for the HiSuite service directory, which allows local users to gain SYSTEM privileges via a Trojan horse (1) SspiCli.dll or (2) USERENV.dll file or possibly other unspecified DLL files.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
huawei hisuite |