Lucene search

Huawei TechnologiesHUAWEI-SA-20170807-01-SMARTPHONE

HistoryAug 07, 2017 - 12:00 a.m.

Security Advisory - Two Vulnerabilities in Smart Phones

2017-08-0700:00:00

Huawei Technologies

www.huawei.com

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.2 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

12.6%

JSON

Some Huawei smart phones have an unlock code verification bypassing vulnerability. An attacker with the root privilege of a mobile can exploit this vulnerability to bypass the unlock code verification and unlock the mobile phone bootloader. (Vulnerability ID: HWPSIRT-2017-04121)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-8214.

Some Huawei smart phones have a permission control vulnerability. An attacker with the system privilege of a mobile can exploit this vulnerability to bypass the unlock code verification and unlock the mobile phone bootloader. (Vulnerability ID: HWPSIRT-2017-04122)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-8215.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:

<http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170807-01-smartphone-en>

Affected configurations

Vulners

Node

huaweihonor_8Range<FRD-AL00C00B391

huaweihonor_8Range<FRD-DL00C00B391

huaweihonor_v8Range<KNT-AL10C00B391

huaweihonor_v8Range<KNT-AL20C00B391

huaweihonor_v8Range<KNT-UL10C00B391

huaweihonor_v8Range<KNT-TL10C00B391

huaweihonor_9_firmwareRange<Stanford-AL00C00B175

huaweihonor_9_firmwareRange<Stanford-AL10C00B175

huaweihonor_9_firmwareRange<Stanford-TL00C01B175

huaweihonor_v9Range<Duke-AL20C00B191

huaweihonor_v9Range<Duke-TL30C01B191

huaweinova_2Range<Picasso-AL00C00B162

huaweinova_2Range<Picasso-TL00C01B162

huaweinova_2_plusRange<Barca-AL00C00B162

huaweinova_2_plusRange<Barca-TL00C00B162

huaweip9Range<EVA-AL10C00B396SP03

huaweip9Range<EVA-CL00C92B396

huaweip9Range<EVA-DL00C17B396

huaweip9Range<EVA-TL00C01B396

huaweip10_plusRange<Vicky-AL00AC00B172

huaweitorontoRange<Toronto-AL00AC00B191

huaweitorontoRange<Toronto-TL10C01B191

CPENameOperatorVersion
honor 8ltFRD-AL00C00B391
honor 8ltFRD-DL00C00B391
honor v8ltKNT-AL10C00B391
honor v8ltKNT-AL20C00B391
honor v8ltKNT-UL10C00B391
honor v8ltKNT-TL10C00B391
honor 9ltStanford-AL00C00B175
honor 9ltStanford-AL10C00B175
honor 9ltStanford-TL00C01B175
honor v9ltDuke-AL20C00B191

Name	Operator	Version
honor 8	lt	FRD-AL00C00B391
honor 8	lt	FRD-DL00C00B391
honor v8	lt	KNT-AL10C00B391
honor v8	lt	KNT-AL20C00B391
honor v8	lt	KNT-UL10C00B391
honor v8	lt	KNT-TL10C00B391
honor 9	lt	Stanford-AL00C00B175
honor 9	lt	Stanford-AL10C00B175
honor 9	lt	Stanford-TL00C01B175
honor v9	lt	Duke-AL20C00B191

Rows per page:

1-10 of 221

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.2 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

12.6%

JSON

Related for HUAWEI-SA-20170807-01-SMARTPHONE