CVE-2017-17161 - OpenCVE

The 'Find Phone' function in some Huawei smart phones with software earlier than Duke-L09C10B186 versions, earlier than Duke-L09C432B187 versions, earlier than Duke-L09C636B186 versions has an authentication bypass vulnerability. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally.

No CVSS v4.0

No CVSS v3.1

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	Duke-l09 Duke-l09 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:huawei:duke-l09_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:duke-l09:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:huawei:duke-l09_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:duke-l09:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:huawei:duke-l09_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:duke-l09:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-01-smartphone-en

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2018-02-15T16:00:00

Updated: 2024-08-05T20:43:59.852Z

Reserved: 2017-12-04T00:00:00

Link: CVE-2017-17161

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-02-15T16:29:02.063

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-17161

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Duke-L09", "vendor": "Huawei Technologies Co., Ltd.", "versions": [{"status": "affected", "version": "Earlier than Duke-L09C10B186 versions, Earlier than Duke-L09C432B187 versions, Earlier than Duke-L09C636B186 versions"}]}], "datePublic": "2017-12-13T00:00:00", "descriptions": [{"lang": "en", "value": "The 'Find Phone' function in some Huawei smart phones with software earlier than Duke-L09C10B186 versions, earlier than Duke-L09C432B187 versions, earlier than Duke-L09C636B186 versions has an authentication bypass vulnerability. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally."}], "problemTypes": [{"descriptions": [{"description": "authentication bypass", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-02-15T15:57:02", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-01-smartphone-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2017-17161", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Duke-L09", "version": {"version_data": [{"version_value": "Earlier than Duke-L09C10B186 versions, Earlier than Duke-L09C432B187 versions, Earlier than Duke-L09C636B186 versions"}]}}]}, "vendor_name": "Huawei Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The 'Find Phone' function in some Huawei smart phones with software earlier than Duke-L09C10B186 versions, earlier than Duke-L09C432B187 versions, earlier than Duke-L09C636B186 versions has an authentication bypass vulnerability. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "authentication bypass"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-01-smartphone-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-01-smartphone-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T20:43:59.852Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-01-smartphone-en"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2017-17161", "datePublished": "2018-02-15T16:00:00", "dateReserved": "2017-12-04T00:00:00", "dateUpdated": "2024-08-05T20:43:59.852Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:duke-l09_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "56BAE6F2-6A4C-4895-809B-7BC0C5AF81AD", "versionEndExcluding": "duke-l09c10b186", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:duke-l09:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBF74374-C6A1-4D04-915B-B23E3C9AC2FD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:duke-l09_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D031688-BAB3-4D49-AC49-29B9218BC326", "versionEndExcluding": "duke-l09c432b187", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:duke-l09:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBF74374-C6A1-4D04-915B-B23E3C9AC2FD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:duke-l09_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "997FF290-B213-4A51-8ACF-E0D254D337F6", "versionEndExcluding": "duke-l09c636b186", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:duke-l09:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBF74374-C6A1-4D04-915B-B23E3C9AC2FD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The 'Find Phone' function in some Huawei smart phones with software earlier than Duke-L09C10B186 versions, earlier than Duke-L09C432B187 versions, earlier than Duke-L09C636B186 versions has an authentication bypass vulnerability. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally."}, {"lang": "es", "value": "La funci\u00f3n \"Find Phone\" en algunos smartphones Huawei con software en versiones anteriores a Duke-L09C10B186, Duke-L09C432B187 y Duke-L09C636B186 tiene una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n. Esto se debe a la realizaci\u00f3n indebida de la autenticaci\u00f3n en la funci\u00f3n \"Find Phone\". Un atacante podr\u00eda explotar esta vulnerabilidad para omitir la funci\u00f3n \"Find Phone\" y emplear el tel\u00e9fono de forma normal."}], "id": "CVE-2017-17161", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-02-15T16:29:02.063", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-01-smartphone-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}