CVE-2017-17326

low-risk
Published 2018-03-09

Huawei Mate 9 Pro Smartphones with software of LON-AL00BC00B139D; LON-AL00BC00B229 have an activation lock bypass vulnerability. The smartphone is supposed to be activated by the former account after reset if find my phone function is on. The software does not have a sufficient protection of activation lock. Successful exploit could allow an attacker to bypass the activation lock and activate the smartphone by a new account after a series of operation.

Do I need to act?

-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.6/10 Medium
PHYSICAL / LOW complexity

Affected Products (2)

Mate 9 Pro Fimware
Mate 9 Pro Fimware

Affected Vendors

Huawei

References (2)

Vendor Advisory http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171227-01-smartph...
Vendor Advisory http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171227-01-smartph...
23
/ 100
low-risk
Severity 16/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 7/34 · Low