Lock-Screen Bypass Vulnerability in Huawei P9 Smartphones
CVE-2017-2691

6.8MEDIUM

Key Information:

Vendor: McAfee
Status: Huawei P9
Vendor: CVE Published:; 22 November 2017

Summary

The Huawei P9 smartphones are susceptible to a lock-screen bypass vulnerability that allows unauthorized users to access the device. This flaw enables an unauthenticated attacker to force the phone into fastboot mode. During this process, the attacker can delete the user's password file, thereby circumventing the screen lock requirement. After the device reboots, the attacker can gain access to the phone without needing to enter the screen lock password, compromising user data and privacy.

Affected Version(s)

Huawei P9 Versions earlier before EVA-AL10C00B373, Versions earlier before EVA-CL00C92B373, Versions earlier before EVA-DL00C17B373, Versions earlier before EVA-TL00C01B373,

References

http://www.securityfocus.com/bid/95658

vdb-entryx_refsource_BID

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2017
Vulnerability Reserved
Dec 1, 2016