Vulnerability Description
Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass vulnerability. An unauthenticated attacker could force the phone to the fastboot mode and delete the user's password file during the reboot process, then login the phone without screen lock password after reboot.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | P9 Firmware | < eva-tl00c01b373 |
| Huawei | P9 | - |
References
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphIssue TrackingVendor Advisory
- http://www.securityfocus.com/bid/95658Third Party AdvisoryVDB Entry
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphIssue TrackingVendor Advisory
- http://www.securityfocus.com/bid/95658Third Party AdvisoryVDB Entry
FAQ
What is CVE-2017-2691?
CVE-2017-2691 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass v...
How severe is CVE-2017-2691?
CVE-2017-2691 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-2691?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei P9 Firmware, Huawei P9.