CVE-2017-2708 - OpenCVE

The 'Find Phone' function in Nice smartphones with software versions earlier before Nice-AL00C00B0135 has an authentication bypass vulnerability. An unauthenticated attacker may wipe and factory reset the phone by special steps. Due to missing authentication of the 'Find Phone' function, an attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally.

No CVSS v4.0

No CVSS v3.1

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:L/AC:L/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	Nice Nice Firmware

Configuration 1 [-]

AND

cpe:2.3:h:huawei:nice:-:*:*:*:*:*:*:*

cpe:2.3:o:huawei:nice_firmware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-smartphone-en
http://www.securityfocus.com/bid/95911

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2017-11-22T19:00:00Z

Updated: 2024-09-16T19:41:47.213Z

Reserved: 2016-12-01T00:00:00

Link: CVE-2017-2708

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-11-22T19:29:00.867

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-2708

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Nice", "vendor": "Huawei Technologies Co., Ltd.", "versions": [{"status": "affected", "version": "Versions earlier before Nice-AL00C00B0135"}]}], "datePublic": "2017-11-15T00:00:00", "descriptions": [{"lang": "en", "value": "The 'Find Phone' function in Nice smartphones with software versions earlier before Nice-AL00C00B0135 has an authentication bypass vulnerability. An unauthenticated attacker may wipe and factory reset the phone by special steps. Due to missing authentication of the 'Find Phone' function, an attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally."}], "problemTypes": [{"descriptions": [{"description": "Authentication Bypass", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-23T10:57:01", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"name": "95911", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/95911"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-smartphone-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "DATE_PUBLIC": "2017-11-15T00:00:00", "ID": "CVE-2017-2708", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Nice", "version": {"version_data": [{"version_value": "Versions earlier before Nice-AL00C00B0135"}]}}]}, "vendor_name": "Huawei Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The 'Find Phone' function in Nice smartphones with software versions earlier before Nice-AL00C00B0135 has an authentication bypass vulnerability. An unauthenticated attacker may wipe and factory reset the phone by special steps. Due to missing authentication of the 'Find Phone' function, an attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Authentication Bypass"}]}]}, "references": {"reference_data": [{"name": "95911", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95911"}, {"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-smartphone-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-smartphone-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:02:07.655Z"}, "title": "CVE Program Container", "references": [{"name": "95911", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/95911"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-smartphone-en"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2017-2708", "datePublished": "2017-11-22T19:00:00Z", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2024-09-16T19:41:47.213Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:nice:-:*:*:*:*:*:*:*", "matchCriteriaId": "5DF599F2-82C9-4AD3-AF99-DAF84946C145", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:nice_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4EA1550B-65F0-4CEB-AE81-94D822419135", "versionEndExcluding": "nice-al00c00b0135", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The 'Find Phone' function in Nice smartphones with software versions earlier before Nice-AL00C00B0135 has an authentication bypass vulnerability. An unauthenticated attacker may wipe and factory reset the phone by special steps. Due to missing authentication of the 'Find Phone' function, an attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally."}, {"lang": "es", "value": "La funci\u00f3n \"Find Phone\" en smartphones Nice con versiones de software anteriores a Nice-AL00C00B0135 tiene una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n. Un atacante no autenticado podr\u00eda borrar y restablecer la configuraci\u00f3n de f\u00e1brica del tel\u00e9fono realizando pasos especiales. Debido a la falta de autenticaci\u00f3n de la funci\u00f3n \"Find Phone\", un atacante podr\u00eda explotar la vulnerabilidad para omitir la funci\u00f3n \"Find Phone\" para utlizar el tel\u00e9fono con normalidad."}], "id": "CVE-2017-2708", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-22T19:29:00.867", "references": [{"source": "psirt@huawei.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-smartphone-en"}, {"source": "psirt@huawei.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95911"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}