CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
12.6%
Some Huawei smart phones have an unlock code verification bypassing vulnerability. An attacker with the root privilege of a mobile can exploit this vulnerability to bypass the unlock code verification and unlock the mobile phone bootloader. (Vulnerability ID: HWPSIRT-2017-04121)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-8214.
Some Huawei smart phones have a permission control vulnerability. An attacker with the system privilege of a mobile can exploit this vulnerability to bypass the unlock code verification and unlock the mobile phone bootloader. (Vulnerability ID: HWPSIRT-2017-04122)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-8215.
Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:
<http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170807-01-smartphone-en>
Vendor | Product | Version | CPE |
---|---|---|---|
huawei | honor_8_firmware | * | cpe:2.3:o:huawei:honor_8_firmware:*:*:*:*:*:*:*:* |
huawei | honor_v8_firmware | * | cpe:2.3:o:huawei:honor_v8_firmware:*:*:*:*:*:*:*:* |
huawei | honor_9_firmware | * | cpe:2.3:o:huawei:honor_9_firmware:*:*:*:*:*:*:*:* |
huawei | honor_v9_firmware | * | cpe:2.3:o:huawei:honor_v9_firmware:*:*:*:*:*:*:*:* |
huawei | nova_2_firmware | * | cpe:2.3:o:huawei:nova_2_firmware:*:*:*:*:*:*:*:* |
huawei | nova_2_plus_firmware | * | cpe:2.3:o:huawei:nova_2_plus_firmware:*:*:*:*:*:*:*:* |
huawei | p9_firmware | * | cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:* |
huawei | p10_plus_firmware | * | cpe:2.3:o:huawei:p10_plus_firmware:*:*:*:*:*:*:*:* |
huawei | toronto_firmware | * | cpe:2.3:o:huawei:toronto_firmware:*:*:*:*:*:*:*:* |
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
12.6%