CVE-2017-2691
low-risk
Published 2017-11-22
Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass vulnerability. An unauthenticated attacker could force the phone to the fastboot mode and delete the user's password file during the reboot process, then login the phone without screen lock password after reboot.
Do I need to act?
-
0.04% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.8/10
Medium
PHYSICAL
/ LOW complexity
Affected Products (1)
Affected Vendors
References (4)
Third Party Advisory
http://www.securityfocus.com/bid/95658
Third Party Advisory
http://www.securityfocus.com/bid/95658
27
/ 100
low-risk
Severity
22/34 · High
Exploitability
0/34 · Minimal
Exposure
5/34 · Minimal