CVE-2017-17326 - OpenCVE

Huawei Mate 9 Pro Smartphones with software of LON-AL00BC00B139D; LON-AL00BC00B229 have an activation lock bypass vulnerability. The smartphone is supposed to be activated by the former account after reset if find my phone function is on. The software does not have a sufficient protection of activation lock. Successful exploit could allow an attacker to bypass the activation lock and activate the smartphone by a new account after a series of operation.

No CVSS v3.1

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Huawei	Mate 9 Pro Fimware Mate 9 Pro

Configuration 1 [-]

AND

OR	cpe:2.3:o:huawei:mate_9_pro_fimware:lon-al00bc00b139d:::::::*
	cpe:2.3:o:huawei:mate_9_pro_fimware:lon-al00bc00b229:::::::*

cpe:2.3:h:huawei:mate_9_pro:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171227-01-smartphone-en	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: huawei

Published: 2018-03-09T17:00:00

Updated: 2018-03-09T16:57:01

Reserved: 2017-12-04T00:00:00

Link: CVE-2017-17326

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-03-09T17:29:02.143

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-17326

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "Mate 9 Pro", "vendor": "Huawei Technologies Co., Ltd.", "versions": [{"status": "affected", "version": "Mate 9 Pro LON-AL00BC00B139D"}, {"status": "affected", "version": "LON-AL00BC00B229"}]}], "datePublic": "2017-12-27T00:00:00", "descriptions": [{"lang": "en", "value": "Huawei Mate 9 Pro Smartphones with software of LON-AL00BC00B139D; LON-AL00BC00B229 have an activation lock bypass vulnerability. The smartphone is supposed to be activated by the former account after reset if find my phone function is on. The software does not have a sufficient protection of activation lock. Successful exploit could allow an attacker to bypass the activation lock and activate the smartphone by a new account after a series of operation."}], "problemTypes": [{"descriptions": [{"description": "activation lock bypass", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-03-09T16:57:01", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171227-01-smartphone-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2017-17326", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Mate 9 Pro", "version": {"version_data": [{"version_value": "Mate 9 Pro LON-AL00BC00B139D"}, {"version_value": "LON-AL00BC00B229"}]}}]}, "vendor_name": "Huawei Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Huawei Mate 9 Pro Smartphones with software of LON-AL00BC00B139D; LON-AL00BC00B229 have an activation lock bypass vulnerability. The smartphone is supposed to be activated by the former account after reset if find my phone function is on. The software does not have a sufficient protection of activation lock. Successful exploit could allow an attacker to bypass the activation lock and activate the smartphone by a new account after a series of operation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "activation lock bypass"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171227-01-smartphone-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171227-01-smartphone-en"}]}}}}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2017-17326", "datePublished": "2018-03-09T17:00:00", "dateReserved": "2017-12-04T00:00:00", "dateUpdated": "2018-03-09T16:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mate_9_pro_fimware:lon-al00bc00b139d:*:*:*:*:*:*:*", "matchCriteriaId": "71521F8F-079D-4148-B00A-F85395D8970F", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:mate_9_pro_fimware:lon-al00bc00b229:*:*:*:*:*:*:*", "matchCriteriaId": "A1FB6DDC-D992-403A-B27E-FBB8431D5115", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_9_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "E4CC4AF8-2F6D-41FC-9697-17472AF32FC6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Huawei Mate 9 Pro Smartphones with software of LON-AL00BC00B139D; LON-AL00BC00B229 have an activation lock bypass vulnerability. The smartphone is supposed to be activated by the former account after reset if find my phone function is on. The software does not have a sufficient protection of activation lock. Successful exploit could allow an attacker to bypass the activation lock and activate the smartphone by a new account after a series of operation."}, {"lang": "es", "value": "Los smartphones Huawei Mate 9 Pro con software LON-AL00BC00B139D y LON-AL00BC00B229 tienen una vulnerabilidad de omisi\u00f3n de bloqueo de activaci\u00f3n. Se supone que el smartphone debe ser activado por la cuenta anterior tras el restablecimiento si la funci\u00f3n find my phone est\u00e1 activada. El software no cuenta con suficiente protecci\u00f3n del bloqueo de activaci\u00f3n. La explotaci\u00f3n con \u00e9xito de esta vulnerabilidad podr\u00eda permitir que un atacante omita el bloqueo de activaci\u00f3n y active el smartphone con una nueva cuenta tras una serie de operaciones."}], "id": "CVE-2017-17326", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-09T17:29:02.143", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171227-01-smartphone-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}