{"containers": {"cna": {"affected": [{"product": "Huawei P9", "vendor": "Huawei Technologies Co., Ltd.", "versions": [{"status": "affected", "version": "Versions earlier before EVA-AL10C00B373, Versions earlier before EVA-CL00C92B373, Versions earlier before EVA-DL00C17B373, Versions earlier before EVA-TL00C01B373,"}]}], "datePublic": "2017-11-15T00:00:00", "descriptions": [{"lang": "en", "value": "Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass vulnerability. An unauthenticated attacker could force the phone to the fastboot mode and delete the user's password file during the reboot process, then login the phone without screen lock password after reboot."}], "problemTypes": [{"descriptions": [{"description": "Lock-screen Bypass", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-23T10:57:01", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"name": "95658", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/95658"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "DATE_PUBLIC": "2017-11-15T00:00:00", "ID": "CVE-2017-2691", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Huawei P9", "version": {"version_data": [{"version_value": "Versions earlier before EVA-AL10C00B373, Versions earlier before EVA-CL00C92B373, Versions earlier before EVA-DL00C17B373, Versions earlier before EVA-TL00C01B373,"}]}}]}, "vendor_name": "Huawei Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass vulnerability. An unauthenticated attacker could force the phone to the fastboot mode and delete the user's password file during the reboot process, then login the phone without screen lock password after reboot."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Lock-screen Bypass"}]}]}, "references": {"reference_data": [{"name": "95658", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95658"}, {"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:02:07.479Z"}, "title": "CVE Program Container", "references": [{"name": "95658", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/95658"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2017-2691", "datePublished": "2017-11-22T19:00:00Z", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2024-09-16T19:35:38.240Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6673B5F2-C31D-4B3C-88DC-A2DCACCB8872", "versionEndExcluding": "eva-tl00c01b373", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*", "matchCriteriaId": "B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1AA8AF4-484E-4511-8B82-5EA0F3045E5F", "versionEndExcluding": "eva-dl00c17b373", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*", "matchCriteriaId": "B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F398894-34C7-4D09-BD0C-15408F6702DB", "versionEndExcluding": "eva-cl00c92b373", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*", "matchCriteriaId": "B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6D9BF45-6BA9-4F4A-A69B-350E6D492087", "versionEndExcluding": "eva-al10c00b373", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*", "matchCriteriaId": "B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass vulnerability. An unauthenticated attacker could force the phone to the fastboot mode and delete the user's password file during the reboot process, then login the phone without screen lock password after reboot."}, {"lang": "es", "value": "Huawei P9 en versiones anteriores a la EVA-AL10C00B373, anteriores a la EVA-CL00C92B373, anteriores a la EVA-DL00C17B373 y anteriores a la EVA-TL00C01B373 tiene una vulnerabilidad de omisi\u00f3n de pantalla de bloqueo. Un atacante sin autenticar podr\u00eda forzar a que el tel\u00e9fono entre en el modo fastboot y eliminar el archivo de contrase\u00f1as del usuario durante el proceso de reinicio y, a continuaci\u00f3n, iniciar el m\u00f3vil sin contrase\u00f1a de bloqueo de pantalla tras el reinicio."}], "id": "CVE-2017-2691", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-22T19:29:00.287", "references": [{"source": "psirt@huawei.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en"}, {"source": "psirt@huawei.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95658"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95658"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}