Strix
26.1K

CVE-2017-2715

UnknownEPSS 0.25%

Last modified

CVE-2017-2715 is a vulnerability of currently unknown severity. The Files APP 7.1.1.309 and earlier versions in some Huawei mobile phones has a brute-force password cracking vulnerability due to the improper design of the Safe key database. An unauthorized attacker could access sensitive database information and may crack users' Safe passwords, leading to information leak.. EPSS estimates a 0.25% chance of exploitation in the next 30 days.

Description

The Files APP 7.1.1.309 and earlier versions in some Huawei mobile phones has a brute-force password cracking vulnerability due to the improper design of the Safe key database. An unauthorized attacker could access sensitive database information and may crack users' Safe passwords, leading to information leak.

Metrics

EPSS Probability
0.25%

16.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
HuaweiFiles<= 7.1.1.309

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2017-2715?
The Files APP 7.1.1.309 and earlier versions in some Huawei mobile phones has a brute-force password cracking vulnerability due to the improper design of the Safe key database. An unauthorized attacker could access sensitive database information and may crack users' Safe passwords, leading to information leak.
How severe is CVE-2017-2715?
Severity scoring for CVE-2017-2715 is pending analysis. The EPSS model estimates a 0.25% probability of exploitation in the next 30 days.
How do I fix CVE-2017-2715?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-2715?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST