ID

VAR-201306-0207


CVE

CVE-2012-6568


TITLE

Huawei UTPS Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2012-006005

DESCRIPTION

Buffer overflow in the back-end component in Huawei UTPS 1.0 allows local users to gain privileges via a long IDS_PLUGIN_NAME string in a plug-in configuration file. Huawei UTPS is prone to a local buffer-overflow vulnerability. Local attackers can exploit this issue to run arbitrary code with the privileges of the user running an affected application. Huawei UTPS is data card management application software from Huawei, China, that runs on a PC. There is a buffer overflow vulnerability in the back-end component of Huawei UTPS version 1.0. The vulnerability is due to insufficient verification of the incoming parameters when copying the string (IDS_PLUGIN_NAME), resulting in a call stack overflow. A local attacker could execute a malicious user-specified script, which opens a malicious user-specified application.

Trust: 1.98

sources: NVD: CVE-2012-6568 // JVNDB: JVNDB-2012-006005 // BID: 60717 // VULHUB: VHN-59849

AFFECTED PRODUCTS

vendor: huawei, model: utps, scope: eq, version: 1.0

Trust: 2.4

sources: JVNDB: JVNDB-2012-006005 // CNNVD: CNNVD-201306-404 // NVD: CVE-2012-6568

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-6568
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-6568
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201306-404
value: MEDIUM

Trust: 0.6

VULHUB: VHN-59849
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-6568
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-59849
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-59849 // JVNDB: JVNDB-2012-006005 // CNNVD: CNNVD-201306-404 // NVD: CVE-2012-6568

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-59849 // JVNDB: JVNDB-2012-006005 // NVD: CVE-2012-6568

THREAT TYPE

local

Trust: 0.9

sources: BID: 60717 // CNNVD: CNNVD-201306-404

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201306-404

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-006005

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-59849

PATCH

title: Huawei-SA-20120922-01-UTPS, url: http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-204627.htm

Trust: 0.8

sources: JVNDB: JVNDB-2012-006005

EXTERNAL IDS

db: NVD, id: CVE-2012-6568

Trust: 2.8

db: PACKETSTORM, id: 116604

Trust: 1.7

db: JVNDB, id: JVNDB-2012-006005

Trust: 0.8

db: CNNVD, id: CNNVD-201306-404

Trust: 0.7

db: BID, id: 60717

Trust: 0.4

db: EXPLOIT-DB, id: 21988

Trust: 0.1

db: SEEBUG, id: SSVID-75802

Trust: 0.1

db: VULHUB, id: VHN-59849

Trust: 0.1

sources: VULHUB: VHN-59849 // BID: 60717 // JVNDB: JVNDB-2012-006005 // CNNVD: CNNVD-201306-404 // NVD: CVE-2012-6568

REFERENCES

url: http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-204627.htm

Trust: 1.7

url: http://packetstormsecurity.org/files/download/116604/huawei-overflow.txt

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6568

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6568

Trust: 0.8

url: https://srcm.symantec.com/editvulnerabilityfixes.aspx?docid=1042726

Trust: 0.3

sources: VULHUB: VHN-59849 // BID: 60717 // JVNDB: JVNDB-2012-006005 // CNNVD: CNNVD-201306-404 // NVD: CVE-2012-6568

CREDITS

Souhail Hammou

Trust: 0.3

sources: BID: 60717

SOURCES

db: VULHUB, id: VHN-59849
db: BID, id: 60717
db: JVNDB, id: JVNDB-2012-006005
db: CNNVD, id: CNNVD-201306-404
db: NVD, id: CVE-2012-6568

LAST UPDATE DATE

2025-04-11T23:17:16.593000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-59849, date: 2013-06-21T00:00:00
db: BID, id: 60717, date: 2015-03-19T08:43:00
db: JVNDB, id: JVNDB-2012-006005, date: 2013-06-24T00:00:00
db: CNNVD, id: CNNVD-201306-404, date: 2013-06-21T00:00:00
db: NVD, id: CVE-2012-6568, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: VULHUB, id: VHN-59849, date: 2013-06-20T00:00:00
db: BID, id: 60717, date: 2012-09-22T00:00:00
db: JVNDB, id: JVNDB-2012-006005, date: 2013-06-24T00:00:00
db: CNNVD, id: CNNVD-201306-404, date: 2013-06-21T00:00:00
db: NVD, id: CVE-2012-6568, date: 2013-06-20T15:55:00.930