CVE-2017-2691
Last modified
CVE-2017-2691 is a vulnerability of currently unknown severity. Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass vulnerability. An unauthenticated attacker could force the phone to the fastboot mode and delete the user's password file during the reboot process, then login the phone without screen lock password after reboot.. EPSS estimates a 0.28% chance of exploitation in the next 30 days.
Description
Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass vulnerability. An unauthenticated attacker could force the phone to the fastboot mode and delete the user's password file during the reboot process, then login the phone without screen lock password after reboot.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Huawei | P9 Firmware | < eva-tl00c01b373 |
| Huawei | P9 Firmware | < eva-dl00c17b373 |
| Huawei | P9 Firmware | < eva-cl00c92b373 |
| Huawei | P9 Firmware | < eva-al10c00b373 |
References
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-enIssue Tracking, Vendor Advisory
- http://www.securityfocus.com/bid/95658Third Party Advisory, VDB Entry
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-enIssue Tracking, Vendor Advisory
- http://www.securityfocus.com/bid/95658Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-2691?
How severe is CVE-2017-2691?
How do I fix CVE-2017-2691?
Are you affected by CVE-2017-2691?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST