CVE-2017-17145 - OpenCVE

Huawei Honor V9 Play smart phones with the versions before Jimmy-AL00AC00B135 have an authentication bypass vulnerability due to the improper design of a component. An attacker who get a user's smart phone can execute specific operation, and delete the fingerprint of the phone without authentication.

No CVSS v3.1

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Huawei	Honor V9 Play Honor V9 Play Firmware

Configuration 1 [-]

AND

cpe:2.3:o:huawei:honor_v9_play_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:honor_v9_play:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-03-smartphone-en	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: huawei

Published: 2018-03-09T17:00:00

Updated: 2018-03-09T16:57:01

Reserved: 2017-12-04T00:00:00

Link: CVE-2017-17145

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-03-09T17:29:00.330

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-17145

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-12-13T00:00:00", "descriptions": [{"lang": "en", "value": "Huawei Honor V9 Play smart phones with the versions before Jimmy-AL00AC00B135 have an authentication bypass vulnerability due to the improper design of a component. An attacker who get a user's smart phone can execute specific operation, and delete the fingerprint of the phone without authentication."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-03-09T16:57:01", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-03-smartphone-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2017-17145", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Huawei Honor V9 Play smart phones with the versions before Jimmy-AL00AC00B135 have an authentication bypass vulnerability due to the improper design of a component. An attacker who get a user's smart phone can execute specific operation, and delete the fingerprint of the phone without authentication."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-03-smartphone-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-03-smartphone-en"}]}}}}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2017-17145", "datePublished": "2018-03-09T17:00:00", "dateReserved": "2017-12-04T00:00:00", "dateUpdated": "2018-03-09T16:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:honor_v9_play_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CF744446-5C60-4C66-BE6B-DD108487B46C", "versionEndExcluding": "jimmy-al00ac00b135", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:honor_v9_play:-:*:*:*:*:*:*:*", "matchCriteriaId": "B543AF24-5D59-4A46-AC76-0EFF314E3D1A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Huawei Honor V9 Play smart phones with the versions before Jimmy-AL00AC00B135 have an authentication bypass vulnerability due to the improper design of a component. An attacker who get a user's smart phone can execute specific operation, and delete the fingerprint of the phone without authentication."}, {"lang": "es", "value": "Los smartphones Huawei Honor V9 Play con versiones anteriores a Jimmy-AL00AC00B135 tienen una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n debido a un dise\u00f1o incorrecto de un componente. Un atacante que consiga el smartphone de un usuario puede ejecutar operaciones espec\u00edficas y eliminar la huella del tel\u00e9fono sin autenticaci\u00f3n."}], "id": "CVE-2017-17145", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-09T17:29:00.330", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-03-smartphone-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}