CVE-2017-2708

{"id": "CVE-2017-2708", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.9}]}, "published": "2017-11-22T19:29:00.867", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-smartphone-en", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "psirt@huawei.com"}, {"url": "http://www.securityfocus.com/bid/95911", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "The 'Find Phone' function in Nice smartphones with software versions earlier before Nice-AL00C00B0135 has an authentication bypass vulnerability. An unauthenticated attacker may wipe and factory reset the phone by special steps. Due to missing authentication of the 'Find Phone' function, an attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally."}, {"lang": "es", "value": "La funci\u00f3n \"Find Phone\" en smartphones Nice con versiones de software anteriores a Nice-AL00C00B0135 tiene una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n. Un atacante no autenticado podr\u00eda borrar y restablecer la configuraci\u00f3n de f\u00e1brica del tel\u00e9fono realizando pasos especiales. Debido a la falta de autenticaci\u00f3n de la funci\u00f3n \"Find Phone\", un atacante podr\u00eda explotar la vulnerabilidad para omitir la funci\u00f3n \"Find Phone\" para utlizar el tel\u00e9fono con normalidad."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:nice_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EA1550B-65F0-4CEB-AE81-94D822419135", "versionEndExcluding": "nice-al00c00b0135"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:nice:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5DF599F2-82C9-4AD3-AF99-DAF84946C145"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}