CVE-2017-8214 — MEDIUM (6.2)

Q: How severe is CVE-2017-8214?

CVE-2017-8214 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-8214?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Honor 8 Firmware, Huawei Honor 8, Huawei Honor V8 Firmware, Huawei Honor V8, Huawei Honor 9 Firmware.

Vulnerability Description

Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toronto Huawei smart phones with software of versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions earlier than KNT-AL10C00B391, versions earlier than KNT-AL20C00B391, versions earlier than KNT-UL10C00B391, versions earlier than KNT-TL10C00B391, versions earlier than Stanford-AL00C00B175, versions earlier than Stanford-AL10C00B175, versions earlier than Stanford-TL00C01B175, versions earlier than Duke-AL20C00B191, versions earlier than Duke-TL30C01B191, versions earlier than Picasso-AL00C00B162, versions earlier than Picasso-TL00C01B162 , versions earlier than Barca-AL00C00B162, versions earlier than Barca-TL00C00B162, versions earlier than EVA-AL10C00B396SP03, versions earlier than EVA-CL00C92B396, versions earlier than EVA-DL00C17B396, versions earlier than EVA-TL00C01B396 , versions earlier than Vicky-AL00AC00B172, versions earlier than Toronto-AL00AC00B191, versions earlier than Toronto-TL10C01B191 have an unlock code verification bypassing vulnerability. An attacker with the root privilege of a mobile can exploit this vulnerability to bypass the unlock code verification and unlock the mobile phone bootloader.

CVSS Score

6.2

MEDIUM

CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Huawei	Honor 8 Firmware	< frd-al00c00b391
Huawei	Honor 8	-
Huawei	Honor V8 Firmware	< knt-al10c00b391
Huawei	Honor V8	-
Huawei	Honor 9 Firmware	< stanford-al00c00b175
Huawei	Honor 9	-
Huawei	Honor V9 Firmware	< duke-al20c00b191
Huawei	Honor V9	-
Huawei	Nova 2 Firmware	< picasso-al00c00b162
Huawei	Nova 2	-
Huawei	Nova 2 Plus Firmware	< barca-al00c00b162
Huawei	Nova 2 Plus	-
Huawei	P9 Firmware	< eva-al10c00b396sp03
Huawei	P9	-
Huawei	P10 Plus Firmware	< vicky-al00ac00b172
Huawei	P10 Plus	-
Huawei	Toronto Firmware	< toronto-al00ac00b191
Huawei	Toronto	-

Related Weaknesses (CWE)

CWE-287

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170807-01-smartphIssue TrackingVendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170807-01-smartphIssue TrackingVendor Advisory

FAQ

What is CVE-2017-8214?

CVE-2017-8214 is a vulnerability with a CVSS score of 6.2 (MEDIUM). Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toronto Huawei smart phones with software of versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions ear...

How severe is CVE-2017-8214?

CVE-2017-8214 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-8214?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Honor 8 Firmware, Huawei Honor 8, Huawei Honor V8 Firmware, Huawei Honor V8, Huawei Honor 9 Firmware.