Sign-up

ID

VAR-201803-0204


CVE

CVE-2017-17326


TITLE

Huawei Mate 9 Pro Smartphone software access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-012881

DESCRIPTION

Huawei Mate 9 Pro Smartphones with software of LON-AL00BC00B139D; LON-AL00BC00B229 have an activation lock bypass vulnerability. The smartphone is supposed to be activated by the former account after reset if find my phone function is on. The software does not have a sufficient protection of activation lock. Successful exploit could allow an attacker to bypass the activation lock and activate the smartphone by a new account after a series of operation. HuaweiMate9Pro is a smartphone from China's Huawei company. Multiple Huawei Smartphones are prone to a local security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks

Trust: 2.52

sources: NVD: CVE-2017-17326 // JVNDB: JVNDB-2017-012881 // CNVD: CNVD-2018-00346 // BID: 103510 // VULHUB: VHN-108337

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-00346

AFFECTED PRODUCTS

vendor:huaweimodel:mate 9 pro fimwarescope:eqversion:lon-al00bc00b229

Trust: 1.6

vendor:huaweimodel:mate 9 pro fimwarescope:eqversion:lon-al00bc00b139d

Trust: 1.6

vendor:huaweimodel:mate pro lon-al00bc00b139dscope:eqversion:9

Trust: 0.9

vendor:huaweimodel:mate pro lon-al00bc00b229scope:eqversion:9

Trust: 0.9

vendor:huaweimodel:mate 9 proscope:eqversion:lon-al00bc00b139d

Trust: 0.8

vendor:huaweimodel:mate 9 proscope:eqversion:lon-al00bc00b229

Trust: 0.8

vendor:huaweimodel:mate pro lon-al00bscope:neversion:98.0.0.334(

Trust: 0.3

sources: CNVD: CNVD-2018-00346 // BID: 103510 // JVNDB: JVNDB-2017-012881 // CNNVD: CNNVD-201803-289 // NVD: CVE-2017-17326

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17326
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-17326
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-00346
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201803-289
value: MEDIUM

Trust: 0.6

VULHUB: VHN-108337
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-17326
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-00346
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:C/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108337
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17326
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-00346 // VULHUB: VHN-108337 // JVNDB: JVNDB-2017-012881 // CNNVD: CNNVD-201803-289 // NVD: CVE-2017-17326

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-108337 // JVNDB: JVNDB-2017-012881 // NVD: CVE-2017-17326

THREAT TYPE

local

Trust: 0.9

sources: BID: 103510 // CNNVD: CNNVD-201803-289

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201803-289

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012881

PATCH
title:huawei-sa-20171227-01-smartphoneurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171227-01-smartphone-en
Trust: 0.8
title:HuaweiMate9Pro activates the lock of the lock bypass vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/112743
Trust: 0.6
title:Huawei Mate 9 Pro Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79011
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-00346 // 
            
            
            
            JVNDB: JVNDB-2017-012881 // 
            
            
            
            CNNVD: CNNVD-201803-289

EXTERNAL IDS
db:NVDid:CVE-2017-17326
Trust: 3.4
db:JVNDBid:JVNDB-2017-012881
Trust: 0.8
db:CNVDid:CNVD-2018-00346
Trust: 0.6
db:CNNVDid:CNNVD-201803-289
Trust: 0.6
db:BIDid:103510
Trust: 0.4
db:VULHUBid:VHN-108337
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-00346 // 
            
            
            
            VULHUB: VHN-108337 // 
            
            
            
            BID: 103510 // 
            
            
            
            JVNDB: JVNDB-2017-012881 // 
            
            
            
            CNNVD: CNNVD-201803-289 // 
            
            
            
            NVD: CVE-2017-17326

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171227-01-smartphone-en
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17326
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17326
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20171227-01-smartphone-cn
Trust: 0.6
url:http://www.huawei.com
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-00346 // 
            
            
            
            VULHUB: VHN-108337 // 
            
            
            
            BID: 103510 // 
            
            
            
            JVNDB: JVNDB-2017-012881 // 
            
            
            
            CNNVD: CNNVD-201803-289 // 
            
            
            
            NVD: CVE-2017-17326

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 103510

SOURCES
db:CNVDid:CNVD-2018-00346
db:VULHUBid:VHN-108337
db:BIDid:103510
db:JVNDBid:JVNDB-2017-012881
db:CNNVDid:CNNVD-201803-289
db:NVDid:CVE-2017-17326

LAST UPDATE DATE
2024-11-23T22:59:05.554000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-00346date:2018-01-05T00:00:00
db:VULHUBid:VHN-108337date:2019-10-03T00:00:00
db:BIDid:103510date:2017-12-27T00:00:00
db:JVNDBid:JVNDB-2017-012881date:2018-04-26T00:00:00
db:CNNVDid:CNNVD-201803-289date:2019-10-23T00:00:00
db:NVDid:CVE-2017-17326date:2024-11-21T03:17:50.563

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-00346date:2018-01-05T00:00:00
db:VULHUBid:VHN-108337date:2018-03-09T00:00:00
db:BIDid:103510date:2017-12-27T00:00:00
db:JVNDBid:JVNDB-2017-012881date:2018-04-26T00:00:00
db:CNNVDid:CNNVD-201803-289date:2018-03-13T00:00:00
db:NVDid:CVE-2017-17326date:2018-03-09T17:29:02.143