Lucene search

Huawei TechnologiesHUAWEI-SA-20170118-05-SMARTPHONE

HistoryJan 18, 2017 - 12:00 a.m.

Security Advisory - Phone Finder Bypass Vulnerability in Huawei Smart Phones

2017-01-1800:00:00

Huawei Technologies

www.huawei.com

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

27.1%

JSON

Phone Finder is a Huawei security method that was designed to make sure someone can’t just wipe and factory reset the phone if user lost it or it was stolen. The Phone Finder in some Huawei smart phones can be bypass. An attacker can bypass the Phone Finder by special steps and enter the System Setting. (Vulnerability ID: HWPSIRT-2016-12002)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-2703.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

<http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-05-smartphone-en>

Affected configurations

Vulners

Node

huaweimate_9_firmwareMatchmha-al00bc00b156

huaweimate_9_firmwareMatchmha-cl00bc00b156

huaweimate_9_firmwareMatchmha-dl00bc00b156

huaweimate_9_firmwareMatchmha-tl00bc00b156

huaweip9_firmwareMatcheva-al10c00b373

huaweip9_firmwareMatcheva-cl10c00b373

huaweip9_firmwareMatcheva-dl10c00b373

huaweip9_firmwareMatcheva-tl10c00b373

VendorProductVersionCPE
huaweimate_9_firmwaremha-al00bc00b156cpe:2.3:o:huawei:mate_9_firmware:mha-al00bc00b156:*:*:*:*:*:*:*
huaweimate_9_firmwaremha-cl00bc00b156cpe:2.3:o:huawei:mate_9_firmware:mha-cl00bc00b156:*:*:*:*:*:*:*
huaweimate_9_firmwaremha-dl00bc00b156cpe:2.3:o:huawei:mate_9_firmware:mha-dl00bc00b156:*:*:*:*:*:*:*
huaweimate_9_firmwaremha-tl00bc00b156cpe:2.3:o:huawei:mate_9_firmware:mha-tl00bc00b156:*:*:*:*:*:*:*
huaweip9_firmwareeva-al10c00b373cpe:2.3:o:huawei:p9_firmware:eva-al10c00b373:*:*:*:*:*:*:*
huaweip9_firmwareeva-cl10c00b373cpe:2.3:o:huawei:p9_firmware:eva-cl10c00b373:*:*:*:*:*:*:*
huaweip9_firmwareeva-dl10c00b373cpe:2.3:o:huawei:p9_firmware:eva-dl10c00b373:*:*:*:*:*:*:*
huaweip9_firmwareeva-tl10c00b373cpe:2.3:o:huawei:p9_firmware:eva-tl10c00b373:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	mate_9_firmware	mha-al00bc00b156	cpe:2.3:o:huawei:mate_9_firmware:mha-al00bc00b156:::::::*
huawei	mate_9_firmware	mha-cl00bc00b156	cpe:2.3:o:huawei:mate_9_firmware:mha-cl00bc00b156:::::::*
huawei	mate_9_firmware	mha-dl00bc00b156	cpe:2.3:o:huawei:mate_9_firmware:mha-dl00bc00b156:::::::*
huawei	mate_9_firmware	mha-tl00bc00b156	cpe:2.3:o:huawei:mate_9_firmware:mha-tl00bc00b156:::::::*
huawei	p9_firmware	eva-al10c00b373	cpe:2.3:o:huawei:p9_firmware:eva-al10c00b373:::::::*
huawei	p9_firmware	eva-cl10c00b373	cpe:2.3:o:huawei:p9_firmware:eva-cl10c00b373:::::::*
huawei	p9_firmware	eva-dl10c00b373	cpe:2.3:o:huawei:p9_firmware:eva-dl10c00b373:::::::*
huawei	p9_firmware	eva-tl10c00b373	cpe:2.3:o:huawei:p9_firmware:eva-tl10c00b373:::::::*

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

27.1%

JSON

Related for HUAWEI-SA-20170118-05-SMARTPHONE