CVE-2017-8173

{"id": "CVE-2017-8173", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.9}]}, "published": "2017-11-22T19:29:04.083", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170715-01-frpbypass-en", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "psirt@huawei.com"}, {"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170715-01-frpbypass-en", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart phones with software of earlier than Maya-L02C636B126 versions,earlier than VKY-L29C10B151 versions,earlier than VTR-L29C10B151 versions,earlier than Vicky-AL00AC00B162 versions,earlier than Victoria-AL00AC00B167 versions,earlier than Warsaw-AL00C00B200 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by some secret code and can perform some operations to update the Google account. As a result, the FRP function is bypassed."}, {"lang": "es", "value": "Los smartphones Maya-L02, VKY-L09, VTR-L29, Vicky-AL00A, Victoria-AL00A, Warsaw-AL00 con versiones de software anteriores a Maya-L02C636B126, VKY-L29C10B151, VTR-L29C10B151, Vicky-AL00AC00B162, Victoria-AL00AC00B167 y Warsaw-AL00C00B200 tienen una vulnerabilidad de omisi\u00f3n de Factory Reset Protection (FRP). Cuando se reconfigura el tel\u00e9fono m\u00f3vil utilizando la funci\u00f3n Factory Reset Protection (FRP), un atacante puede conectarse al flujo de configuraci\u00f3n mediante alg\u00fan c\u00f3digo secreto y realizar determinadas operaciones para actualizar la cuenta de Google. El resultado es que la funci\u00f3n FRP se omite."}], "lastModified": "2024-11-21T03:33:28.133", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:maya-l02_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA691AD9-7B27-45D7-9597-68AC69BABCE7", "versionEndExcluding": "maya-l02c636b126"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:maya-l02:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4DCAE98E-0882-4B83-A4B2-9EBFAFBC875A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:vky-l09_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BB957C5-EE90-4A85-ACB0-C4FBD1AB93EE", "versionEndExcluding": "vky-l29c10b151"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:vky-l09:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "315A5851-5BEE-4393-8530-A5E3E17BAEB9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:vky-l29_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97108578-607F-4FEF-B8BB-4CC88BFE9B38", "versionEndExcluding": "vtr-l29c10b151"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:vky-l29:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "582BA871-A84E-4629-8B1C-19FC1B430FB3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:vicky-al00a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46F21261-B04E-40FE-BE5F-71A9752A8EAB", "versionEndExcluding": "vicky-al00ac00b162"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:vicky-al00a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E014F48F-8F37-41FA-A7DE-F281B3BFFA99"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:victoria-al00a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BCE3E06-33A9-4F4F-89B5-BAC1E825CBE4", "versionEndExcluding": "victoria-al00ac00b167"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:victoria-al00a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9A7F7F64-E8ED-4D47-8FA5-54A3F9965E3C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:warsaw-al00_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43550C96-8F74-4952-9B59-631BB5714EA6", "versionEndExcluding": "warsaw-al00c00b200"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:warsaw-al00:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D72345E1-8472-4EF0-9B97-A0E0CFB6CA58"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}