Vulnerability Details : CVE-2017-17326
Huawei Mate 9 Pro Smartphones with software of LON-AL00BC00B139D; LON-AL00BC00B229 have an activation lock bypass vulnerability. The smartphone is supposed to be activated by the former account after reset if find my phone function is on. The software does not have a sufficient protection of activation lock. Successful exploit could allow an attacker to bypass the activation lock and activate the smartphone by a new account after a series of operation.
Products affected by CVE-2017-17326
- cpe:2.3:o:huawei:mate_9_pro_fimware:lon-al00bc00b229:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:mate_9_pro_fimware:lon-al00bc00b139d:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-17326
0.03%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 5 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-17326
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:P/A:N |
3.9
|
2.9
|
NIST | |
|
4.6
|
MEDIUM | CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
0.9
|
3.6
|
NIST |
References for CVE-2017-17326
-
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171227-01-smartphone-en
Security Advisory - Activation Lock Bypass Vulnerability on SmartphonesVendor Advisory
Jump to