cvelistv5 - cve-2017-2691

CVE-2017-2691 (GCVE-0-2017-2691)

Vulnerability from cvelistv5 – Published: 2017-11-22 19:00 – Updated: 2024-09-16 19:35

Summary

Severity ?

No CVSS data available.

CWE

Lock-screen Bypass

Assigner

huawei

References

URL

Tags

	http://www.securityfocus.com/bid/95658	vdb-entryx_refsource_BID
	http://www.huawei.com/en/psirt/security-advisorie…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Huawei Technologies Co., Ltd.	Huawei P9	Affected: Versions earlier before EVA-AL10C00B373, Versions earlier before EVA-CL00C92B373, Versions earlier before EVA-DL00C17B373, Versions earlier before EVA-TL00C01B373,

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:02:07.479Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "95658",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95658"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Huawei P9",
          "vendor": "Huawei Technologies Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Versions earlier before EVA-AL10C00B373, Versions earlier before EVA-CL00C92B373, Versions earlier before EVA-DL00C17B373, Versions earlier before EVA-TL00C01B373,"
            }
          ]
        }
      ],
      "datePublic": "2017-11-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass vulnerability. An unauthenticated attacker could force the phone to the fastboot mode and delete the user\u0027s password file during the reboot process, then login the phone without screen lock password after reboot."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Lock-screen Bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-23T10:57:01",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "name": "95658",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95658"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "DATE_PUBLIC": "2017-11-15T00:00:00",
          "ID": "CVE-2017-2691",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Huawei P9",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions earlier before EVA-AL10C00B373, Versions earlier before EVA-CL00C92B373, Versions earlier before EVA-DL00C17B373, Versions earlier before EVA-TL00C01B373,"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Huawei Technologies Co., Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass vulnerability. An unauthenticated attacker could force the phone to the fastboot mode and delete the user\u0027s password file during the reboot process, then login the phone without screen lock password after reboot."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Lock-screen Bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "95658",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95658"
            },
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2017-2691",
    "datePublished": "2017-11-22T19:00:00Z",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-09-16T19:35:38.240Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"eva-tl00c01b373\", \"matchCriteriaId\": \"6673B5F2-C31D-4B3C-88DC-A2DCACCB8872\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"eva-dl00c17b373\", \"matchCriteriaId\": \"E1AA8AF4-484E-4511-8B82-5EA0F3045E5F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"eva-cl00c92b373\", \"matchCriteriaId\": \"6F398894-34C7-4D09-BD0C-15408F6702DB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"eva-al10c00b373\", \"matchCriteriaId\": \"E6D9BF45-6BA9-4F4A-A69B-350E6D492087\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass vulnerability. An unauthenticated attacker could force the phone to the fastboot mode and delete the user\u0027s password file during the reboot process, then login the phone without screen lock password after reboot.\"}, {\"lang\": \"es\", \"value\": \"Huawei P9 en versiones anteriores a la EVA-AL10C00B373, anteriores a la EVA-CL00C92B373, anteriores a la EVA-DL00C17B373 y anteriores a la EVA-TL00C01B373 tiene una vulnerabilidad de omisi\\u00f3n de pantalla de bloqueo. Un atacante sin autenticar podr\\u00eda forzar a que el tel\\u00e9fono entre en el modo fastboot y eliminar el archivo de contrase\\u00f1as del usuario durante el proceso de reinicio y, a continuaci\\u00f3n, iniciar el m\\u00f3vil sin contrase\\u00f1a de bloqueo de pantalla tras el reinicio.\"}]",
      "id": "CVE-2017-2691",
      "lastModified": "2024-11-21T03:23:59.293",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 6.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"PHYSICAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-11-22T19:29:00.287",
      "references": "[{\"url\": \"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en\", \"source\": \"psirt@huawei.com\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/95658\", \"source\": \"psirt@huawei.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/95658\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "psirt@huawei.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-2691\",\"sourceIdentifier\":\"psirt@huawei.com\",\"published\":\"2017-11-22T19:29:00.287\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass vulnerability. An unauthenticated attacker could force the phone to the fastboot mode and delete the user\u0027s password file during the reboot process, then login the phone without screen lock password after reboot.\"},{\"lang\":\"es\",\"value\":\"Huawei P9 en versiones anteriores a la EVA-AL10C00B373, anteriores a la EVA-CL00C92B373, anteriores a la EVA-DL00C17B373 y anteriores a la EVA-TL00C01B373 tiene una vulnerabilidad de omisi\u00f3n de pantalla de bloqueo. Un atacante sin autenticar podr\u00eda forzar a que el tel\u00e9fono entre en el modo fastboot y eliminar el archivo de contrase\u00f1as del usuario durante el proceso de reinicio y, a continuaci\u00f3n, iniciar el m\u00f3vil sin contrase\u00f1a de bloqueo de pantalla tras el reinicio.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"eva-tl00c01b373\",\"matchCriteriaId\":\"6673B5F2-C31D-4B3C-88DC-A2DCACCB8872\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"eva-dl00c17b373\",\"matchCriteriaId\":\"E1AA8AF4-484E-4511-8B82-5EA0F3045E5F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"eva-cl00c92b373\",\"matchCriteriaId\":\"6F398894-34C7-4D09-BD0C-15408F6702DB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"eva-al10c00b373\",\"matchCriteriaId\":\"E6D9BF45-6BA9-4F4A-A69B-350E6D492087\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA\"}]}]}],\"references\":[{\"url\":\"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en\",\"source\":\"psirt@huawei.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/95658\",\"source\":\"psirt@huawei.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/95658\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

FKIE_CVE-2017-2691

Vulnerability from fkie_nvd - Published: 2017-11-22 19:29 - Updated: 2025-04-20 01:37

Severity ?

6.8 (Medium) - CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@huawei.com	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en	Issue Tracking, Vendor Advisory
psirt@huawei.com	http://www.securityfocus.com/bid/95658	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/95658	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
huawei	p9_firmware	*
huawei	p9	-
huawei	p9_firmware	*
huawei	p9	-
huawei	p9_firmware	*
huawei	p9	-
huawei	p9_firmware	*
huawei	p9	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6673B5F2-C31D-4B3C-88DC-A2DCACCB8872",
              "versionEndExcluding": "eva-tl00c01b373",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1AA8AF4-484E-4511-8B82-5EA0F3045E5F",
              "versionEndExcluding": "eva-dl00c17b373",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F398894-34C7-4D09-BD0C-15408F6702DB",
              "versionEndExcluding": "eva-cl00c92b373",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6D9BF45-6BA9-4F4A-A69B-350E6D492087",
              "versionEndExcluding": "eva-al10c00b373",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass vulnerability. An unauthenticated attacker could force the phone to the fastboot mode and delete the user\u0027s password file during the reboot process, then login the phone without screen lock password after reboot."
    },
    {
      "lang": "es",
      "value": "Huawei P9 en versiones anteriores a la EVA-AL10C00B373, anteriores a la EVA-CL00C92B373, anteriores a la EVA-DL00C17B373 y anteriores a la EVA-TL00C01B373 tiene una vulnerabilidad de omisi\u00f3n de pantalla de bloqueo. Un atacante sin autenticar podr\u00eda forzar a que el tel\u00e9fono entre en el modo fastboot y eliminar el archivo de contrase\u00f1as del usuario durante el proceso de reinicio y, a continuaci\u00f3n, iniciar el m\u00f3vil sin contrase\u00f1a de bloqueo de pantalla tras el reinicio."
    }
  ],
  "id": "CVE-2017-2691",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-22T19:29:00.287",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en"
    },
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95658"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95658"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2017-00662

Vulnerability from cnvd - Published: 2017-01-20

Title

Huawei P9锁屏绕过漏洞

Description

Huawei P9是中国华为一款智能手机产品。 Huawei P9存在锁屏绕过漏洞。未经身份验证的攻击者在手机重启过程中可以强制手机进入fastboot模式并删除用户的密码文件。手机重启后锁屏密码消失，可直接使用手机。

Severity

中

Patch Name

Huawei P9锁屏绕过漏洞的补丁

Patch Description

Huawei P9是中国华为一款智能手机产品。 Huawei P9存在锁屏绕过漏洞。未经身份验证的攻击者在手机重启过程中可以强制手机进入fastboot模式并删除用户的密码文件。手机重启后锁屏密码消失，可直接使用手机。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

华为已发布版本修复该漏洞： http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170118-01-smartphone-cn

Reference

http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170118-01-smartphone-cn

Impacted products

Name
['Huawei P9 <EVA-AL10C00B373', 'Huawei P9 <EVA-CL00C92B373', 'Huawei P9 <EVA-DL00C17B373']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2691"
    }
  },
  "description": "Huawei P9\u662f\u4e2d\u56fd\u534e\u4e3a\u4e00\u6b3e\u667a\u80fd\u624b\u673a\u4ea7\u54c1\u3002\r\n\r\nHuawei P9\u5b58\u5728\u9501\u5c4f\u7ed5\u8fc7\u6f0f\u6d1e\u3002 \u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u5728\u624b\u673a\u91cd\u542f\u8fc7\u7a0b\u4e2d\u53ef\u4ee5\u5f3a\u5236\u624b\u673a\u8fdb\u5165fastboot\u6a21\u5f0f\u5e76\u5220\u9664\u7528\u6237\u7684\u5bc6\u7801\u6587\u4ef6\u3002\u624b\u673a\u91cd\u542f\u540e\u9501\u5c4f\u5bc6\u7801\u6d88\u5931\uff0c\u53ef\u76f4\u63a5\u4f7f\u7528\u624b\u673a\u3002",
  "discovererName": "Huawei",
  "formalWay": "\u534e\u4e3a\u5df2\u53d1\u5e03\u7248\u672c\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170118-01-smartphone-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-00662",
  "openTime": "2017-01-20",
  "patchDescription": "Huawei P9\u662f\u4e2d\u56fd\u534e\u4e3a\u4e00\u6b3e\u667a\u80fd\u624b\u673a\u4ea7\u54c1\u3002\r\n\r\nHuawei P9\u5b58\u5728\u9501\u5c4f\u7ed5\u8fc7\u6f0f\u6d1e\u3002 \u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u5728\u624b\u673a\u91cd\u542f\u8fc7\u7a0b\u4e2d\u53ef\u4ee5\u5f3a\u5236\u624b\u673a\u8fdb\u5165fastboot\u6a21\u5f0f\u5e76\u5220\u9664\u7528\u6237\u7684\u5bc6\u7801\u6587\u4ef6\u3002\u624b\u673a\u91cd\u542f\u540e\u9501\u5c4f\u5bc6\u7801\u6d88\u5931\uff0c\u53ef\u76f4\u63a5\u4f7f\u7528\u624b\u673a\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Huawei P9\u9501\u5c4f\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei P9 \u003cEVA-AL10C00B373",
      "Huawei P9 \u003cEVA-CL00C92B373",
      "Huawei P9 \u003cEVA-DL00C17B373"
    ]
  },
  "referenceLink": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170118-01-smartphone-cn",
  "serverity": "\u4e2d",
  "submitTime": "2017-01-19",
  "title": "Huawei P9\u9501\u5c4f\u7ed5\u8fc7\u6f0f\u6d1e"
}

VAR-201711-0257

Vulnerability from variot - Updated: 2023-12-18 13:19

Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass vulnerability. An unauthenticated attacker could force the phone to the fastboot mode and delete the user's password file during the reboot process, then login the phone without screen lock password after reboot. Huawei P9 Smartphone software contains a vulnerability related to access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiP9 is a Huawei smartphone product from China. HuaweiP9 has a lock screen bypass vulnerability. Huawei Smart Phones are prone to a security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions and cause denial-of-service conditions. There is a security flaw in the Huawei P9

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0257",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "p9",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "huawei",
        "version": "eva-al10c00b373"
      },
      {
        "model": "p9",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "huawei",
        "version": "eva-cl00c92b373"
      },
      {
        "model": "p9",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "huawei",
        "version": "eva-dl00c17b373"
      },
      {
        "model": "p9",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "huawei",
        "version": "eva-tl00c01b373"
      },
      {
        "model": "p9 \u003ceva-al10c00b373",
        "scope": null,
        "trust": 0.6,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "p9 \u003ceva-cl00c92b373",
        "scope": null,
        "trust": 0.6,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "p9 \u003ceva-dl00c17b373",
        "scope": null,
        "trust": 0.6,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "p9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "0"
      },
      {
        "model": "p9 eva-tl00c01b373",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "p9 eva-dl00c17b373",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "p9 eva-cl00c92b373",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "p9 eva-al10c00b373",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-00662"
      },
      {
        "db": "BID",
        "id": "95658"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010500"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2691"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "eva-tl00c01b373",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "eva-dl00c17b373",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "eva-cl00c92b373",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "eva-al10c00b373",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-2691"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "95658"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-2691",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.2,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2017-2691",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.2,
            "id": "CNVD-2017-00662",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-110894",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Physical",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.8,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-2691",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-2691",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-00662",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201701-773",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-110894",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-00662"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110894"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010500"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2691"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-773"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass vulnerability. An unauthenticated attacker could force the phone to the fastboot mode and delete the user\u0027s password file during the reboot process, then login the phone without screen lock password after reboot. Huawei P9 Smartphone software contains a vulnerability related to access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiP9 is a Huawei smartphone product from China. HuaweiP9 has a lock screen bypass vulnerability. Huawei Smart Phones are prone to a security-bypass vulnerability. \nAn attacker may exploit this issue to bypass certain security restrictions and cause denial-of-service conditions. There is a security flaw in the Huawei P9",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-2691"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010500"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-00662"
      },
      {
        "db": "BID",
        "id": "95658"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110894"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-2691",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "95658",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010500",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-773",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-00662",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-110894",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-00662"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110894"
      },
      {
        "db": "BID",
        "id": "95658"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010500"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2691"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-773"
      }
    ]
  },
  "id": "VAR-201711-0257",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-00662"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110894"
      }
    ],
    "trust": 1.28483934
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-00662"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:19:19.537000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "huawei-sa-20170118-01-smartphone",
        "trust": 0.8,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en"
      },
      {
        "title": "HuaweiP9 lock screen bypasses the patch of the vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/88421"
      },
      {
        "title": "Huawei P9 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=67332"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-00662"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010500"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-773"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-284",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110894"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010500"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2691"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/95658"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2691"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2691"
      },
      {
        "trust": 0.6,
        "url": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170118-01-smartphone-cn"
      },
      {
        "trust": 0.3,
        "url": "http://www.huawei.com"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-00662"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110894"
      },
      {
        "db": "BID",
        "id": "95658"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010500"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2691"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-773"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-00662"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110894"
      },
      {
        "db": "BID",
        "id": "95658"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010500"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2691"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-773"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-01-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-00662"
      },
      {
        "date": "2017-11-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-110894"
      },
      {
        "date": "2017-01-18T00:00:00",
        "db": "BID",
        "id": "95658"
      },
      {
        "date": "2017-12-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010500"
      },
      {
        "date": "2017-11-22T19:29:00.287000",
        "db": "NVD",
        "id": "CVE-2017-2691"
      },
      {
        "date": "2017-01-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201701-773"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-01-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-00662"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-110894"
      },
      {
        "date": "2017-01-23T00:12:00",
        "db": "BID",
        "id": "95658"
      },
      {
        "date": "2017-12-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010500"
      },
      {
        "date": "2019-10-03T00:03:26.223000",
        "db": "NVD",
        "id": "CVE-2017-2691"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201701-773"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-773"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Huawei P9 Smartphone software access control vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010500"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-773"
      }
    ],
    "trust": 0.6
  }
}

GHSA-MF6G-R32J-F7QW

Vulnerability from github – Published: 2022-05-13 01:44 – Updated: 2022-05-13 01:44

Details

Severity ?

6.8 (Medium)


                  
                    CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-2691"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-11-22T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass vulnerability. An unauthenticated attacker could force the phone to the fastboot mode and delete the user\u0027s password file during the reboot process, then login the phone without screen lock password after reboot.",
  "id": "GHSA-mf6g-r32j-f7qw",
  "modified": "2022-05-13T01:44:54Z",
  "published": "2022-05-13T01:44:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2691"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95658"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2017-2691

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-2691

Aliases

CVE-2017-2691

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-2691",
    "description": "Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass vulnerability. An unauthenticated attacker could force the phone to the fastboot mode and delete the user\u0027s password file during the reboot process, then login the phone without screen lock password after reboot.",
    "id": "GSD-2017-2691"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-2691"
      ],
      "details": "Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass vulnerability. An unauthenticated attacker could force the phone to the fastboot mode and delete the user\u0027s password file during the reboot process, then login the phone without screen lock password after reboot.",
      "id": "GSD-2017-2691",
      "modified": "2023-12-13T01:21:06.022564Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@huawei.com",
        "DATE_PUBLIC": "2017-11-15T00:00:00",
        "ID": "CVE-2017-2691",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Huawei P9",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Versions earlier before EVA-AL10C00B373, Versions earlier before EVA-CL00C92B373, Versions earlier before EVA-DL00C17B373, Versions earlier before EVA-TL00C01B373,"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Huawei Technologies Co., Ltd."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass vulnerability. An unauthenticated attacker could force the phone to the fastboot mode and delete the user\u0027s password file during the reboot process, then login the phone without screen lock password after reboot."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Lock-screen Bypass"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "95658",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/95658"
          },
          {
            "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en",
            "refsource": "CONFIRM",
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "eva-tl00c01b373",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "eva-dl00c17b373",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "eva-cl00c92b373",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "eva-al10c00b373",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2017-2691"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass vulnerability. An unauthenticated attacker could force the phone to the fastboot mode and delete the user\u0027s password file during the reboot process, then login the phone without screen lock password after reboot."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en"
            },
            {
              "name": "95658",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/95658"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 0.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2017-11-22T19:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-2691 (GCVE-0-2017-2691)

FKIE_CVE-2017-2691

CNVD-2017-00662

VAR-201711-0257

GHSA-MF6G-R32J-F7QW

GSD-2017-2691

Tags

Sightings

Nomenclature