CVE-2017-8173 — MEDIUM (4.6)

Q: How severe is CVE-2017-8173?

CVE-2017-8173 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-8173?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Maya-L02 Firmware, Huawei Maya-L02, Huawei Vky-L09 Firmware, Huawei Vky-L09, Huawei Vky-L29 Firmware.

Vulnerability Description

Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart phones with software of earlier than Maya-L02C636B126 versions,earlier than VKY-L29C10B151 versions,earlier than VTR-L29C10B151 versions,earlier than Vicky-AL00AC00B162 versions,earlier than Victoria-AL00AC00B167 versions,earlier than Warsaw-AL00C00B200 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by some secret code and can perform some operations to update the Google account. As a result, the FRP function is bypassed.

CVSS Score

4.6

MEDIUM

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Huawei	Maya-L02 Firmware	< maya-l02c636b126
Huawei	Maya-L02	-
Huawei	Vky-L09 Firmware	< vky-l29c10b151
Huawei	Vky-L09	-
Huawei	Vky-L29 Firmware	< vtr-l29c10b151
Huawei	Vky-L29	-
Huawei	Vicky-Al00A Firmware	< vicky-al00ac00b162
Huawei	Vicky-Al00A	-
Huawei	Victoria-Al00A Firmware	< victoria-al00ac00b167
Huawei	Victoria-Al00A	-
Huawei	Warsaw-Al00 Firmware	< warsaw-al00c00b200
Huawei	Warsaw-Al00	-

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170715-01-frpbypaIssue TrackingVendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170715-01-frpbypaIssue TrackingVendor Advisory

FAQ

What is CVE-2017-8173?

CVE-2017-8173 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart phones with software of earlier than Maya-L02C636B126 versions,earlier than VKY-L29C10B151 versions,earlier than VTR-L29C10B151 ve...

How severe is CVE-2017-8173?

CVE-2017-8173 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-8173?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Maya-L02 Firmware, Huawei Maya-L02, Huawei Vky-L09 Firmware, Huawei Vky-L09, Huawei Vky-L29 Firmware.