CVE-2017-2691
First published: Wed Nov 22 2017(Updated: )
Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass vulnerability. An unauthenticated attacker could force the phone to the fastboot mode and delete the user's password file during the reboot process, then login the phone without screen lock password after reboot.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei P9 Firmware | <eva-tl00c01b373 | |
| Huawei P9 | ||
| Huawei P9 Firmware | <eva-dl00c17b373 | |
| Huawei P9 Firmware | <eva-cl00c92b373 | |
| Huawei P9 Firmware | <eva-al10c00b373 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2017-2691.
What is the severity rating of CVE-2017-2691?
The severity rating of CVE-2017-2691 is high.
Which Huawei P9 versions are affected by CVE-2017-2691?
Huawei P9 versions earlier before EVA-AL10C00B373, EVA-CL00C92B373, EVA-DL00C17B373, and EVA-TL00C01B373 are affected by CVE-2017-2691.
How can an attacker exploit CVE-2017-2691?
An unauthenticated attacker can force the Huawei P9 phone to fastboot mode and delete data.
Where can I find more information about CVE-2017-2691?
You can find more information about CVE-2017-2691 on Huawei's official security advisories page and the SecurityFocus website.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/huawei
- canonical/huawei p9 firmware
- canonical/huawei p9