Sign-up

ID

VAR-201711-0257


CVE

CVE-2017-2691


TITLE

Huawei P9 Smartphone software access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-010500

DESCRIPTION

Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass vulnerability. An unauthenticated attacker could force the phone to the fastboot mode and delete the user's password file during the reboot process, then login the phone without screen lock password after reboot. Huawei P9 Smartphone software contains a vulnerability related to access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiP9 is a Huawei smartphone product from China. HuaweiP9 has a lock screen bypass vulnerability. Huawei Smart Phones are prone to a security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions and cause denial-of-service conditions. There is a security flaw in the Huawei P9

Trust: 2.52

sources: NVD: CVE-2017-2691 // JVNDB: JVNDB-2017-010500 // CNVD: CNVD-2017-00662 // BID: 95658 // VULHUB: VHN-110894

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-00662

AFFECTED PRODUCTS

vendor:huaweimodel:p9scope:ltversion:eva-al10c00b373

Trust: 1.8

vendor:huaweimodel:p9scope:ltversion:eva-cl00c92b373

Trust: 1.8

vendor:huaweimodel:p9scope:ltversion:eva-dl00c17b373

Trust: 1.8

vendor:huaweimodel:p9scope:ltversion:eva-tl00c01b373

Trust: 1.8

vendor:huaweimodel:p9 <eva-al10c00b373scope: - version: -

Trust: 0.6

vendor:huaweimodel:p9 <eva-cl00c92b373scope: - version: -

Trust: 0.6

vendor:huaweimodel:p9 <eva-dl00c17b373scope: - version: -

Trust: 0.6

vendor:huaweimodel:p9scope:eqversion:0

Trust: 0.3

vendor:huaweimodel:p9 eva-tl00c01b373scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p9 eva-dl00c17b373scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p9 eva-cl00c92b373scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p9 eva-al10c00b373scope:neversion: -

Trust: 0.3

sources: CNVD: CNVD-2017-00662 // BID: 95658 // JVNDB: JVNDB-2017-010500 // NVD: CVE-2017-2691

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2691
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-2691
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-00662
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201701-773
value: MEDIUM

Trust: 0.6

VULHUB: VHN-110894
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-2691
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-00662
severity: MEDIUM
baseScore: 6.8
vectorString: AV:A/AC:H/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.2
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-110894
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2691
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-00662 // VULHUB: VHN-110894 // JVNDB: JVNDB-2017-010500 // CNNVD: CNNVD-201701-773 // NVD: CVE-2017-2691

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-110894 // JVNDB: JVNDB-2017-010500 // NVD: CVE-2017-2691

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201701-773

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201701-773

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010500

PATCH
title:huawei-sa-20170118-01-smartphoneurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en
Trust: 0.8
title:HuaweiP9 lock screen bypasses the patch of the vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/88421
Trust: 0.6
title:Huawei P9 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67332
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-00662 // 
            
            
            
            JVNDB: JVNDB-2017-010500 // 
            
            
            
            CNNVD: CNNVD-201701-773

EXTERNAL IDS
db:NVDid:CVE-2017-2691
Trust: 3.4
db:BIDid:95658
Trust: 2.0
db:JVNDBid:JVNDB-2017-010500
Trust: 0.8
db:CNNVDid:CNNVD-201701-773
Trust: 0.7
db:CNVDid:CNVD-2017-00662
Trust: 0.6
db:VULHUBid:VHN-110894
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-00662 // 
            
            
            
            VULHUB: VHN-110894 // 
            
            
            
            BID: 95658 // 
            
            
            
            JVNDB: JVNDB-2017-010500 // 
            
            
            
            CNNVD: CNNVD-201701-773 // 
            
            
            
            NVD: CVE-2017-2691

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en
Trust: 2.0
url:http://www.securityfocus.com/bid/95658
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2691
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2691
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170118-01-smartphone-cn
Trust: 0.6
url:http://www.huawei.com
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-00662 // 
            
            
            
            VULHUB: VHN-110894 // 
            
            
            
            BID: 95658 // 
            
            
            
            JVNDB: JVNDB-2017-010500 // 
            
            
            
            CNNVD: CNNVD-201701-773 // 
            
            
            
            NVD: CVE-2017-2691

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 95658

SOURCES
db:CNVDid:CNVD-2017-00662
db:VULHUBid:VHN-110894
db:BIDid:95658
db:JVNDBid:JVNDB-2017-010500
db:CNNVDid:CNNVD-201701-773
db:NVDid:CVE-2017-2691

LAST UPDATE DATE
2024-11-23T22:34:27.635000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-00662date:2017-01-20T00:00:00
db:VULHUBid:VHN-110894date:2019-10-03T00:00:00
db:BIDid:95658date:2017-01-23T00:12:00
db:JVNDBid:JVNDB-2017-010500date:2017-12-15T00:00:00
db:CNNVDid:CNNVD-201701-773date:2019-10-23T00:00:00
db:NVDid:CVE-2017-2691date:2024-11-21T03:23:59.293

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-00662date:2017-01-20T00:00:00
db:VULHUBid:VHN-110894date:2017-11-22T00:00:00
db:BIDid:95658date:2017-01-18T00:00:00
db:JVNDBid:JVNDB-2017-010500date:2017-12-15T00:00:00
db:CNNVDid:CNNVD-201701-773date:2017-01-20T00:00:00
db:NVDid:CVE-2017-2691date:2017-11-22T19:29:00.287