CVE-2014-8571

Description

Apps on Huawei Ascend P6 mobile phones with software EDGE-U00 V100R001C17B508SP01 and earlier versions before V100R001C17B508SP02; EDGE-T00 V100R001C01B508SP01 and earlier versions before V100R001C01B508SP02; EDGE-C00 V100R001C92B508SP02 and earlier versions before V100R001C92B508SP03 can capture screens without the root permission. As a result, user information can be leaked by malware on Ascend P6 mobile phones.

References

Link	Tags
http://www.huawei.com/en/psirt/security-advisories/hw-372118	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2014-8571?: CVE-2014-8571 has been scored as a low severity vulnerability.
How to fix CVE-2014-8571?: To fix CVE-2014-8571, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2014-8571 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2014-8571 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2014-8571?: CVE-2014-8571 affects n/a EDGE-U00,EDGE-T00,EDGE-C00 EDGE-U00 V100R001C17B508SP01 and earlier versions,V100R001C17B508SP02,EDGE-T00 V100R001C01B508SP01 and earlier versions,V100R001C01B508SP02,EDGE-C00 V100R001C92B508SP02 and earlier versions,V100R001C92B508SP03.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Category

CWE-264 – Permissions, Privileges, and Access Controls

References

Frequently Asked Questions