CVE-2017-17326

Severity Score

4.6

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Huawei Mate 9 Pro Smartphones with software of LON-AL00BC00B139D; LON-AL00BC00B229 have an activation lock bypass vulnerability. The smartphone is supposed to be activated by the former account after reset if find my phone function is on. The software does not have a sufficient protection of activation lock. Successful exploit could allow an attacker to bypass the activation lock and activate the smartphone by a new account after a series of operation.

Los smartphones Huawei Mate 9 Pro con software LON-AL00BC00B139D y LON-AL00BC00B229 tienen una vulnerabilidad de omisión de bloqueo de activación. Se supone que el smartphone debe ser activado por la cuenta anterior tras el restablecimiento si la función find my phone está activada. El software no cuenta con suficiente protección del bloqueo de activación. La explotación con éxito de esta vulnerabilidad podría permitir que un atacante omita el bloqueo de activación y active el smartphone con una nueva cuenta tras una serie de operaciones.

*Credits: N/A

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-12-04 CVE Reserved
2018-03-09 CVE Published
2024-08-05 CVE Updated
2024-11-19 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171227-01-smartphone-en	2019-10-03

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Huawei Search vendor "Huawei"	Mate 9 Pro Fimware Search vendor "Huawei" for product "Mate 9 Pro Fimware"	lon-al00bc00b139d Search vendor "Huawei" for product "Mate 9 Pro Fimware" and version "lon-al00bc00b139d"	-	Affected	in	Huawei Search vendor "Huawei"	Mate 9 Pro Search vendor "Huawei" for product "Mate 9 Pro"	-	-	Safe
Huawei Search vendor "Huawei"	Mate 9 Pro Fimware Search vendor "Huawei" for product "Mate 9 Pro Fimware"	lon-al00bc00b229 Search vendor "Huawei" for product "Mate 9 Pro Fimware" and version "lon-al00bc00b229"	-	Affected	in	Huawei Search vendor "Huawei"	Mate 9 Pro Search vendor "Huawei" for product "Mate 9 Pro"	-	-	Safe