CVE-2017-8171

{"id": "CVE-2017-8171", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:N", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.9}]}, "published": "2017-11-22T19:29:04.023", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-frpbypass-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-668"}]}], "descriptions": [{"lang": "en", "value": "Huawei smart phones with software earlier than Vicky-AL00AC00B172D versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the Talkback mode and can perform some operations to bypass the Google account verification. As a result, the FRP function is bypassed."}, {"lang": "es", "value": "Los smartphones Huawei con software anterior a las versiones Vicky-AL00AC00B172D tienen una vulnerabilidad de seguridad de omisi\u00f3n de Factory Reset Protection (FRP). Cuando se reconfigura el tel\u00e9fono m\u00f3vil utilizando la funci\u00f3n Factory Reset Protection (FRP), un atacante puede iniciar sesi\u00f3n en modo Talkback y realizar determinadas operaciones para omitir la verificaci\u00f3n de la cuenta de Google. El resultado es que la funci\u00f3n FRP se omite."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p10_plus_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B12113B9-205F-41D3-BCE0-ECFD17F96294", "versionEndExcluding": "vicky-al00ac00b172d"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p10_plus:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FAD5BC83-41ED-4260-8883-4CA5898A4FAD"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}