CVE-2017-8215 Information

Description

Honor 8Honor V8Honor 9Honor V9Nova 2Nova 2 PlusP9P10 PlusToronto Huawei smart phones with software of versions earlier than FRD-AL00C00B391 versions earlier than FRD-DL00C00B391 versions earlier than KNT-AL10C00B391 versions earlier than KNT-AL20C00B391 versions earlier than KNT-UL10C00B391 versions earlier than KNT-TL10C00B391 versions earlier than Stanford-AL00C00B175 versions earlier than Stanford-AL10C00B175 versions earlier than Stanford-TL00C01B175 versions earlier than Duke-AL20C00B191 versions earlier than Duke-TL30C01B191 versions earlier than Picasso-AL00C00B162 versions earlier than Picasso-TL00C01B162 versions earlier than Barca-AL00C00B162 versions earlier than Barca-TL00C00B162 versions earlier than EVA-AL10C00B396SP03 versions earlier than EVA-CL00C92B396 versions earlier than EVA-DL00C17B396 versions earlier than EVA-TL00C01B396 versions earlier than Vicky-AL00AC00B172 versions earlier than Toronto-AL00AC00B191 versions earlier than Toronto-TL10C01B191 have a permission control vulnerability. An attacker with the system privilege of a mobile can exploit this vulnerability to bypass the unlock code verification and unlock the mobile phone bootloader.

CVSS Vector

CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Reference

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170807-01-smartphone-en

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

6.2