CVE-2017-2708

EPSS 0.19%
Veröffentlicht 22.11.2017 19:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle psirt@huawei.com
CVE-Watchlists
Login
Unerledigt
Login

The 'Find Phone' function in Nice smartphones with software versions earlier before Nice-AL00C00B0135 has an authentication bypass vulnerability. An unauthenticated attacker may wipe and factory reset the phone by special steps. Due to missing authentication of the 'Find Phone' function, an attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Huawei ≫ Nice Firmware Version < nice-al00c00b0135

Huawei ≫ Nice Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.415

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.6	0.9	3.6	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4.9	3.9	6.9	AV:L/AC:L/Au:N/C:N/I:N/A:C

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-smartphone-en

Vendor Advisory

Issue Tracking

http://www.securityfocus.com/bid/95911

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2017-2708

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-2708

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-2708

EUVD