CVE-2017-2691

Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass vulnerability. An unauthenticated attacker could force the phone to the fastboot mode and delete the user's password file during the reboot process, then login the phone without screen lock password after reboot.

Published: Nov 22, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-2691
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.8
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
huawei / p9_firmware	-	eva-tl00c01b373
huawei / p9_firmware	-	eva-dl00c17b373
huawei / p9_firmware	-	eva-cl00c92b373
huawei / p9_firmware	-	eva-al10c00b373

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en
http://www.securityfocus.com/bid/95658

Vulnerability Database

290,206

CVE-2017-2691