CVE-2017-15351 — MEDIUM (6.8)

Vulnerability Description

The 'Find Phone' function in Huawei Honor V9 play smart phones with versions earlier than Jimmy-AL00AC00B135 has an authentication bypass vulnerability. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally.

CVSS Score

6.8

MEDIUM

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Huawei	Honor V9 Play Firmware	jimmy-al00ac00b135
Huawei	Honor V9 Play	-

Related Weaknesses (CWE)

CWE-287

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-smartphVendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-smartphVendor Advisory

FAQ

What is CVE-2017-15351?

CVE-2017-15351 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The 'Find Phone' function in Huawei Honor V9 play smart phones with versions earlier than Jimmy-AL00AC00B135 has an authentication bypass vulnerability. Due to improper authentication realization in t...

How severe is CVE-2017-15351?

CVE-2017-15351 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-15351?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Honor V9 Play Firmware, Huawei Honor V9 Play.