CVE-2017-2691 Information

Description

Huawei P9 versions earlier before EVA-AL10C00B373 versions earlier before EVA-CL00C92B373 versions earlier before EVA-DL00C17B373 versions earlier before EVA-TL00C01B373 have a lock-screen bypass vulnerability. An unauthenticated attacker could force the phone to the fastboot mode and delete the user’s password file during the reboot process then login the phone without screen lock password after reboot.

CVSS Vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en http://www.securityfocus.com/bid/95658

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

6.8