CVE-2017-8171
MEDIUM
4,6
Source: [email protected]
Attack Vector: physical
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: high
Availability: none
MEDIUM
4,9
Source: [email protected]
Access Vector: local
Access Complexity: low
Authentication: none
Confidentiality: none
Integrity: complete
Availability: none
Description
AI Translation Available
Huawei smart phones with software earlier than Vicky-AL00AC00B172D versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the Talkback mode and can perform some operations to bypass the Google account verification. As a result, the FRP function is bypassed.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0003
Percentile
0,1th
Updated
EPSS Score Trend (Last 90 Days)
668
Exposure of Resource to Wrong Sphere
DraftCommon Consequences
Security Scopes Affected:
Confidentiality
Integrity
Other
Potential Impacts:
Read Application Data
Modify Application Data
Varies By Context
Applicable Platforms
All platforms may be affected
Operating System
P10 Plus Firmware by Huawei
Version Range Affected
To
vicky-al00ac00b172d
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:p10_plus_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-frpbyp…
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-frpbyp…