cvelistv5 - cve-2017-2728

CVE-2017-2728 (GCVE-0-2017-2728)

Vulnerability from cvelistv5 – Published: 2017-11-22 19:00 – Updated: 2024-09-16 17:53

Summary

Severity ?

No CVSS data available.

CWE

Bluetooth Unlock Bypassing

Assigner

huawei

References

URL

Tags

	http://www.huawei.com/en/psirt/security-advisorie…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/97042	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	Huawei Technologies Co., Ltd.	Honor 6X	Affected: Berlin-L22C636B150 and earlier versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:02:07.548Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170323-01-smartphone-en"
          },
          {
            "name": "97042",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97042"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Honor 6X",
          "vendor": "Huawei Technologies Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Berlin-L22C636B150 and earlier versions"
            }
          ]
        }
      ],
      "datePublic": "2017-11-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Some Huawei mobile phones Honor 6X Berlin-L22C636B150 and earlier versions have a Bluetooth unlock bypassing vulnerability. If a user has enabled the smart unlock function, an attacker can impersonate the user\u0027s Bluetooth device to unlock the user\u0027s mobile phone screen.uawei mobile phones have a Bluetooth unlock bypassing vulnerability due to the lack of validation on Bluetooth devices. If a user has enabled the smart unlock function, an attacker can impersonate the user\u0027s Bluetooth device to unlock the user\u0027s mobile phone screen."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Bluetooth Unlock Bypassing",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-27T16:57:01",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170323-01-smartphone-en"
        },
        {
          "name": "97042",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97042"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "DATE_PUBLIC": "2017-11-15T00:00:00",
          "ID": "CVE-2017-2728",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Honor 6X",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Berlin-L22C636B150 and earlier versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Huawei Technologies Co., Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Some Huawei mobile phones Honor 6X Berlin-L22C636B150 and earlier versions have a Bluetooth unlock bypassing vulnerability. If a user has enabled the smart unlock function, an attacker can impersonate the user\u0027s Bluetooth device to unlock the user\u0027s mobile phone screen.uawei mobile phones have a Bluetooth unlock bypassing vulnerability due to the lack of validation on Bluetooth devices. If a user has enabled the smart unlock function, an attacker can impersonate the user\u0027s Bluetooth device to unlock the user\u0027s mobile phone screen."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Bluetooth Unlock Bypassing"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170323-01-smartphone-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170323-01-smartphone-en"
            },
            {
              "name": "97042",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97042"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2017-2728",
    "datePublished": "2017-11-22T19:00:00Z",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-09-16T17:53:45.135Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:honor_6x_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"berlin-l22c636b150\", \"matchCriteriaId\": \"78EF2CC9-FB88-4047-A077-DB408118D0E3\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:honor_6x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07006372-CA98-4256-9C07-A2152A8D2BBA\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Some Huawei mobile phones Honor 6X Berlin-L22C636B150 and earlier versions have a Bluetooth unlock bypassing vulnerability. If a user has enabled the smart unlock function, an attacker can impersonate the user\u0027s Bluetooth device to unlock the user\u0027s mobile phone screen.uawei mobile phones have a Bluetooth unlock bypassing vulnerability due to the lack of validation on Bluetooth devices. If a user has enabled the smart unlock function, an attacker can impersonate the user\u0027s Bluetooth device to unlock the user\u0027s mobile phone screen.\"}, {\"lang\": \"es\", \"value\": \"Algunos tel\\u00e9fonos m\\u00f3viles Huawei Honor 6X Berlin-L22C636B150 y versiones anteriores tienen una vulnerabilidad de omisi\\u00f3n de desbloqueo Bluetooth. Si un usuario ha habilitado la funci\\u00f3n smart unlock, un atacante puede suplantar el dispositivo Bluetooth del usuario para desbloquear la pantalla del tel\\u00e9fono m\\u00f3vil del usuario. Los m\\u00f3viles Huawei tienen una vulnerabilidad de omisi\\u00f3n de desbloqueo Bluetooth debido a la falta de validaci\\u00f3n en dispositivos Bluetooth. Si un usuario ha habilitado la funci\\u00f3n smart unlock, un atacante puede suplantar el dispositivo Bluetooth del usuario para desbloquear la pantalla del tel\\u00e9fono m\\u00f3vil del usuario.\"}]",
      "id": "CVE-2017-2728",
      "lastModified": "2024-11-21T03:24:03.927",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 6.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"PHYSICAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.5, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 6.9, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-11-22T19:29:01.663",
      "references": "[{\"url\": \"http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170323-01-smartphone-en\", \"source\": \"psirt@huawei.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/97042\", \"source\": \"psirt@huawei.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170323-01-smartphone-en\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/97042\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "psirt@huawei.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-2728\",\"sourceIdentifier\":\"psirt@huawei.com\",\"published\":\"2017-11-22T19:29:01.663\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Some Huawei mobile phones Honor 6X Berlin-L22C636B150 and earlier versions have a Bluetooth unlock bypassing vulnerability. If a user has enabled the smart unlock function, an attacker can impersonate the user\u0027s Bluetooth device to unlock the user\u0027s mobile phone screen.uawei mobile phones have a Bluetooth unlock bypassing vulnerability due to the lack of validation on Bluetooth devices. If a user has enabled the smart unlock function, an attacker can impersonate the user\u0027s Bluetooth device to unlock the user\u0027s mobile phone screen.\"},{\"lang\":\"es\",\"value\":\"Algunos tel\u00e9fonos m\u00f3viles Huawei Honor 6X Berlin-L22C636B150 y versiones anteriores tienen una vulnerabilidad de omisi\u00f3n de desbloqueo Bluetooth. Si un usuario ha habilitado la funci\u00f3n smart unlock, un atacante puede suplantar el dispositivo Bluetooth del usuario para desbloquear la pantalla del tel\u00e9fono m\u00f3vil del usuario. Los m\u00f3viles Huawei tienen una vulnerabilidad de omisi\u00f3n de desbloqueo Bluetooth debido a la falta de validaci\u00f3n en dispositivos Bluetooth. Si un usuario ha habilitado la funci\u00f3n smart unlock, un atacante puede suplantar el dispositivo Bluetooth del usuario para desbloquear la pantalla del tel\u00e9fono m\u00f3vil del usuario.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.5,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:honor_6x_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"berlin-l22c636b150\",\"matchCriteriaId\":\"78EF2CC9-FB88-4047-A077-DB408118D0E3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:honor_6x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07006372-CA98-4256-9C07-A2152A8D2BBA\"}]}]}],\"references\":[{\"url\":\"http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170323-01-smartphone-en\",\"source\":\"psirt@huawei.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/97042\",\"source\":\"psirt@huawei.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170323-01-smartphone-en\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/97042\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

VAR-201711-0244

Vulnerability from variot - Updated: 2023-12-18 14:05

Some Huawei mobile phones Honor 6X Berlin-L22C636B150 and earlier versions have a Bluetooth unlock bypassing vulnerability. If a user has enabled the smart unlock function, an attacker can impersonate the user's Bluetooth device to unlock the user's mobile phone screen.uawei mobile phones have a Bluetooth unlock bypassing vulnerability due to the lack of validation on Bluetooth devices. If a user has enabled the smart unlock function, an attacker can impersonate the user's Bluetooth device to unlock the user's mobile phone screen. Huawei smartphone Honor 6X Contains vulnerabilities related to security features.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiHonor6X is a smartphone from China's Huawei company. Multiple Huawei Honor are prone to a local security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions. Huawei Honor6X Berlin-L22C636B150 and prior versions are affected

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0244",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "honor 6x",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "huawei",
        "version": "berlin-l22c636b150"
      },
      {
        "model": "honor \u003c=berlin-l22c636b150",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": "6x"
      },
      {
        "model": "honor 6x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": "berlin-l22c636b150"
      },
      {
        "model": "honor berlin-l22c636b150",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "6x"
      },
      {
        "model": "honor berlin-l22c636b160",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "6x"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-04421"
      },
      {
        "db": "BID",
        "id": "97042"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010730"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2728"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1069"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:honor_6x_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "berlin-l22c636b150",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:honor_6x:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-2728"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Nicky of Tencent Security Platform Department.",
    "sources": [
      {
        "db": "BID",
        "id": "97042"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1069"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-2728",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 6.9,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2017-2728",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "CNVD-2017-04421",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "VHN-110931",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.5,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Physical",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.4,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-2728",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-2728",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-04421",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201703-1069",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-110931",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-04421"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110931"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010730"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2728"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1069"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Some Huawei mobile phones Honor 6X Berlin-L22C636B150 and earlier versions have a Bluetooth unlock bypassing vulnerability. If a user has enabled the smart unlock function, an attacker can impersonate the user\u0027s Bluetooth device to unlock the user\u0027s mobile phone screen.uawei mobile phones have a Bluetooth unlock bypassing vulnerability due to the lack of validation on Bluetooth devices. If a user has enabled the smart unlock function, an attacker can impersonate the user\u0027s Bluetooth device to unlock the user\u0027s mobile phone screen. Huawei smartphone Honor 6X Contains vulnerabilities related to security features.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiHonor6X is a smartphone from China\u0027s Huawei company. Multiple Huawei Honor are prone to a local security-bypass vulnerability. \nAn attacker may exploit this issue to bypass certain security restrictions. \nHuawei Honor6X Berlin-L22C636B150 and prior versions are affected",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-2728"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010730"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-04421"
      },
      {
        "db": "BID",
        "id": "97042"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110931"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-2728",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "97042",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010730",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1069",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-04421",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-110931",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-04421"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110931"
      },
      {
        "db": "BID",
        "id": "97042"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010730"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2728"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1069"
      }
    ]
  },
  "id": "VAR-201711-0244",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-04421"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110931"
      }
    ],
    "trust": 1.28944035
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-04421"
      }
    ]
  },
  "last_update_date": "2023-12-18T14:05:38.055000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "huawei-sa-20170323-01-smartphone",
        "trust": 0.8,
        "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170323-01-smartphone-en"
      },
      {
        "title": "HuaweiHonor6X security bypass vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/91755"
      },
      {
        "title": "Huawei Honor6X Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68752"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-04421"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010730"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1069"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-254",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110931"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010730"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2728"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/97042"
      },
      {
        "trust": 1.7,
        "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170323-01-smartphone-en"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2728"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2728"
      },
      {
        "trust": 0.6,
        "url": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170323-01-smartphone-cn"
      },
      {
        "trust": 0.3,
        "url": "http://www.huawei.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170323-01-smartphone-en"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-04421"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110931"
      },
      {
        "db": "BID",
        "id": "97042"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010730"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2728"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1069"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-04421"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110931"
      },
      {
        "db": "BID",
        "id": "97042"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010730"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2728"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1069"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-04-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-04421"
      },
      {
        "date": "2017-11-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-110931"
      },
      {
        "date": "2017-03-23T00:00:00",
        "db": "BID",
        "id": "97042"
      },
      {
        "date": "2017-12-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010730"
      },
      {
        "date": "2017-11-22T19:29:01.663000",
        "db": "NVD",
        "id": "CVE-2017-2728"
      },
      {
        "date": "2017-03-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201703-1069"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-04-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-04421"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-110931"
      },
      {
        "date": "2017-03-29T00:01:00",
        "db": "BID",
        "id": "97042"
      },
      {
        "date": "2017-12-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010730"
      },
      {
        "date": "2019-10-03T00:03:26.223000",
        "db": "NVD",
        "id": "CVE-2017-2728"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201703-1069"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "97042"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1069"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Huawei smartphone  Honor 6X Vulnerabilities related to security functions",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010730"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1069"
      }
    ],
    "trust": 0.6
  }
}

GHSA-R7MP-GQFH-Q2FR

Vulnerability from github – Published: 2022-05-13 01:44 – Updated: 2022-05-13 01:44

Details

Severity ?

6.4 (Medium)


                  
                    CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-2728"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-11-22T19:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Some Huawei mobile phones Honor 6X Berlin-L22C636B150 and earlier versions have a Bluetooth unlock bypassing vulnerability. If a user has enabled the smart unlock function, an attacker can impersonate the user\u0027s Bluetooth device to unlock the user\u0027s mobile phone screen.uawei mobile phones have a Bluetooth unlock bypassing vulnerability due to the lack of validation on Bluetooth devices. If a user has enabled the smart unlock function, an attacker can impersonate the user\u0027s Bluetooth device to unlock the user\u0027s mobile phone screen.",
  "id": "GHSA-r7mp-gqfh-q2fr",
  "modified": "2022-05-13T01:44:56Z",
  "published": "2022-05-13T01:44:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2728"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170323-01-smartphone-en"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/97042"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2017-2728

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-2728

Aliases

CVE-2017-2728

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-2728",
    "description": "Some Huawei mobile phones Honor 6X Berlin-L22C636B150 and earlier versions have a Bluetooth unlock bypassing vulnerability. If a user has enabled the smart unlock function, an attacker can impersonate the user\u0027s Bluetooth device to unlock the user\u0027s mobile phone screen.uawei mobile phones have a Bluetooth unlock bypassing vulnerability due to the lack of validation on Bluetooth devices. If a user has enabled the smart unlock function, an attacker can impersonate the user\u0027s Bluetooth device to unlock the user\u0027s mobile phone screen.",
    "id": "GSD-2017-2728"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-2728"
      ],
      "details": "Some Huawei mobile phones Honor 6X Berlin-L22C636B150 and earlier versions have a Bluetooth unlock bypassing vulnerability. If a user has enabled the smart unlock function, an attacker can impersonate the user\u0027s Bluetooth device to unlock the user\u0027s mobile phone screen.uawei mobile phones have a Bluetooth unlock bypassing vulnerability due to the lack of validation on Bluetooth devices. If a user has enabled the smart unlock function, an attacker can impersonate the user\u0027s Bluetooth device to unlock the user\u0027s mobile phone screen.",
      "id": "GSD-2017-2728",
      "modified": "2023-12-13T01:21:05.908054Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@huawei.com",
        "DATE_PUBLIC": "2017-11-15T00:00:00",
        "ID": "CVE-2017-2728",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Honor 6X",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Berlin-L22C636B150 and earlier versions"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Huawei Technologies Co., Ltd."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Some Huawei mobile phones Honor 6X Berlin-L22C636B150 and earlier versions have a Bluetooth unlock bypassing vulnerability. If a user has enabled the smart unlock function, an attacker can impersonate the user\u0027s Bluetooth device to unlock the user\u0027s mobile phone screen.uawei mobile phones have a Bluetooth unlock bypassing vulnerability due to the lack of validation on Bluetooth devices. If a user has enabled the smart unlock function, an attacker can impersonate the user\u0027s Bluetooth device to unlock the user\u0027s mobile phone screen."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Bluetooth Unlock Bypassing"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170323-01-smartphone-en",
            "refsource": "CONFIRM",
            "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170323-01-smartphone-en"
          },
          {
            "name": "97042",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/97042"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:honor_6x_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "berlin-l22c636b150",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:honor_6x:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2017-2728"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Some Huawei mobile phones Honor 6X Berlin-L22C636B150 and earlier versions have a Bluetooth unlock bypassing vulnerability. If a user has enabled the smart unlock function, an attacker can impersonate the user\u0027s Bluetooth device to unlock the user\u0027s mobile phone screen.uawei mobile phones have a Bluetooth unlock bypassing vulnerability due to the lack of validation on Bluetooth devices. If a user has enabled the smart unlock function, an attacker can impersonate the user\u0027s Bluetooth device to unlock the user\u0027s mobile phone screen."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170323-01-smartphone-en",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170323-01-smartphone-en"
            },
            {
              "name": "97042",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/97042"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 0.5,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2017-11-22T19:29Z"
    }
  }
}

CNVD-2017-04421

Vulnerability from cnvd - Published: 2017-04-12

Title

Huawei Honor 6X安全绕过漏洞

Description

Huawei Honor 6X是中国华为（Huawei）公司的一款智能手机。 Huawei Honor 6X Berlin-L22C636B150及之前的版本中存在安全绕过漏洞，由于手机缺少对接入蓝牙设备的合法性验证。当用户开启手机的智能解锁功能，攻击者可通过伪造用户蓝牙设备利用该漏洞对用户手机屏幕解锁。

Severity

高

Patch Name

Huawei Honor 6X安全绕过漏洞的补丁

Patch Description

Huawei Honor 6X是中国华为（Huawei）公司的一款智能手机。 Huawei Honor 6X Berlin-L22C636B150及之前的版本中存在安全绕过漏洞，由于手机缺少对接入蓝牙设备的合法性验证。当用户开启手机的智能解锁功能，攻击者可通过伪造用户蓝牙设备利用该漏洞对用户手机屏幕解锁。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

华为已发布版本修复该漏洞。安全预警链接： http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170323-01-smartphone-cn

Reference

http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170323-01-smartphone-cn

Impacted products

Name
Huawei Honor 6X <=Berlin-L22C636B150

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "97042"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2728"
    }
  },
  "description": "Huawei Honor 6X\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u667a\u80fd\u624b\u673a\u3002\r\n\r\nHuawei Honor 6X Berlin-L22C636B150\u53ca\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u7531\u4e8e\u624b\u673a\u7f3a\u5c11\u5bf9\u63a5\u5165\u84dd\u7259\u8bbe\u5907\u7684\u5408\u6cd5\u6027\u9a8c\u8bc1\u3002\u5f53\u7528\u6237\u5f00\u542f\u624b\u673a\u7684\u667a\u80fd\u89e3\u9501\u529f\u80fd\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u4f2a\u9020\u7528\u6237\u84dd\u7259\u8bbe\u5907\u5229\u7528\u8be5\u6f0f\u6d1e\u5bf9\u7528\u6237\u624b\u673a\u5c4f\u5e55\u89e3\u9501\u3002",
  "discovererName": "Nicky of Tencent Security Platform Department.",
  "formalWay": "\u534e\u4e3a\u5df2\u53d1\u5e03\u7248\u672c\u4fee\u590d\u8be5\u6f0f\u6d1e\u3002\u5b89\u5168\u9884\u8b66\u94fe\u63a5\uff1a\r\nhttp://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170323-01-smartphone-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-04421",
  "openTime": "2017-04-12",
  "patchDescription": "Huawei Honor 6X\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u667a\u80fd\u624b\u673a\u3002\r\n\r\nHuawei Honor 6X Berlin-L22C636B150\u53ca\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u7531\u4e8e\u624b\u673a\u7f3a\u5c11\u5bf9\u63a5\u5165\u84dd\u7259\u8bbe\u5907\u7684\u5408\u6cd5\u6027\u9a8c\u8bc1\u3002\u5f53\u7528\u6237\u5f00\u542f\u624b\u673a\u7684\u667a\u80fd\u89e3\u9501\u529f\u80fd\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u4f2a\u9020\u7528\u6237\u84dd\u7259\u8bbe\u5907\u5229\u7528\u8be5\u6f0f\u6d1e\u5bf9\u7528\u6237\u624b\u673a\u5c4f\u5e55\u89e3\u9501\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Huawei Honor 6X\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Huawei Honor 6X \u003c=Berlin-L22C636B150"
  },
  "referenceLink": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170323-01-smartphone-cn",
  "serverity": "\u9ad8",
  "submitTime": "2017-03-24",
  "title": "Huawei Honor 6X\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

FKIE_CVE-2017-2728

Vulnerability from fkie_nvd - Published: 2017-11-22 19:29 - Updated: 2025-04-20 01:37

Severity ?

6.4 (Medium) - CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@huawei.com	http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170323-01-smartphone-en	Vendor Advisory
psirt@huawei.com	http://www.securityfocus.com/bid/97042	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170323-01-smartphone-en	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/97042	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	huawei	honor_6x_firmware	*
	huawei	honor_6x	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:honor_6x_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "78EF2CC9-FB88-4047-A077-DB408118D0E3",
              "versionEndIncluding": "berlin-l22c636b150",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:honor_6x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "07006372-CA98-4256-9C07-A2152A8D2BBA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Some Huawei mobile phones Honor 6X Berlin-L22C636B150 and earlier versions have a Bluetooth unlock bypassing vulnerability. If a user has enabled the smart unlock function, an attacker can impersonate the user\u0027s Bluetooth device to unlock the user\u0027s mobile phone screen.uawei mobile phones have a Bluetooth unlock bypassing vulnerability due to the lack of validation on Bluetooth devices. If a user has enabled the smart unlock function, an attacker can impersonate the user\u0027s Bluetooth device to unlock the user\u0027s mobile phone screen."
    },
    {
      "lang": "es",
      "value": "Algunos tel\u00e9fonos m\u00f3viles Huawei Honor 6X Berlin-L22C636B150 y versiones anteriores tienen una vulnerabilidad de omisi\u00f3n de desbloqueo Bluetooth. Si un usuario ha habilitado la funci\u00f3n smart unlock, un atacante puede suplantar el dispositivo Bluetooth del usuario para desbloquear la pantalla del tel\u00e9fono m\u00f3vil del usuario. Los m\u00f3viles Huawei tienen una vulnerabilidad de omisi\u00f3n de desbloqueo Bluetooth debido a la falta de validaci\u00f3n en dispositivos Bluetooth. Si un usuario ha habilitado la funci\u00f3n smart unlock, un atacante puede suplantar el dispositivo Bluetooth del usuario para desbloquear la pantalla del tel\u00e9fono m\u00f3vil del usuario."
    }
  ],
  "id": "CVE-2017-2728",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-22T19:29:01.663",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170323-01-smartphone-en"
    },
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97042"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170323-01-smartphone-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97042"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-2728 (GCVE-0-2017-2728)

VAR-201711-0244

GHSA-R7MP-GQFH-Q2FR

GSD-2017-2728

CNVD-2017-04421

FKIE_CVE-2017-2728

Tags

Sightings

Nomenclature