CVE-2017-17326 — MEDIUM (4.6)

Vulnerability Description

Huawei Mate 9 Pro Smartphones with software of LON-AL00BC00B139D; LON-AL00BC00B229 have an activation lock bypass vulnerability. The smartphone is supposed to be activated by the former account after reset if find my phone function is on. The software does not have a sufficient protection of activation lock. Successful exploit could allow an attacker to bypass the activation lock and activate the smartphone by a new account after a series of operation.

CVSS Score

4.6

MEDIUM

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Huawei	Mate 9 Pro Fimware	lon-al00bc00b139d
Huawei	Mate 9 Pro	-

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171227-01-smartphVendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171227-01-smartphVendor Advisory

FAQ

What is CVE-2017-17326?

CVE-2017-17326 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Huawei Mate 9 Pro Smartphones with software of LON-AL00BC00B139D; LON-AL00BC00B229 have an activation lock bypass vulnerability. The smartphone is supposed to be activated by the former account after ...

How severe is CVE-2017-17326?

CVE-2017-17326 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-17326?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Mate 9 Pro Fimware, Huawei Mate 9 Pro.