Security Advisory - Two Vulnerabilities in Smart Phones
- SA No:huawei-sa-20170807-01-smartphone
- Initial Release Date: Aug 07, 2017
- Last Release Date: Sep 08, 2017
Some Huawei smart phones have an unlock code verification bypassing vulnerability. An attacker with the root privilege of a mobile can exploit this vulnerability to bypass the unlock code verification and unlock the mobile phone bootloader. (Vulnerability ID: HWPSIRT-2017-04121)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-8214.
Some Huawei smart phones have a permission control vulnerability. An attacker with the system privilege of a mobile can exploit this vulnerability to bypass the unlock code verification and unlock the mobile phone bootloader. (Vulnerability ID: HWPSIRT-2017-04122)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-8215.
Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170807-01-smartphone-en
|
Product Name |
Affected Version |
Resolved Product and Version |
| Honor 8 |
Versions earlier than FRD-AL00C00B391 |
FRD-AL00C00B391 |
| Versions earlier than FRD-DL00C00B391 |
FRD-DL00C00B391 |
|
| Honor V8 |
Versions earlier than KNT-AL10C00B391 |
KNT-AL10C00B391 |
| Versions earlier than KNT-AL20C00B391 |
KNT-AL20C00B391 |
|
| Versions earlier than KNT-UL10C00B391 |
KNT-UL10C00B391 |
|
| Versions earlier than KNT-TL10C00B391 |
KNT-TL10C00B391 |
|
| Honor 9 |
Versions earlier than Stanford-AL00C00B175 |
Stanford-AL00C00B175 |
| Versions earlier than Stanford-AL10C00B175 |
Stanford-AL10C00B175 |
|
| Versions earlier than Stanford-TL00C01B175 |
Stanford-TL00C01B175 |
|
|
Honor V9 |
Versions earlier than Duke-AL20C00B191 |
Duke-AL20C00B191 |
|
Versions earlier than Duke-TL30C01B191 |
Duke-TL30C01B191 |
|
|
Nova 2 |
Versions earlier than Picasso-AL00C00B162 |
Picasso-AL00C00B162 |
|
Versions earlier than Picasso-TL00C01B162 |
Picasso-TL00C01B162 |
|
|
Nova 2 Plus |
Versions earlier than Barca-AL00C00B162 |
Barca-AL00C00B162 |
|
Versions earlier than Barca-TL00C00B162 |
Barca-TL00C00B162 |
|
| P9 |
Versions earlier than EVA-AL10C00B396SP03 |
EVA-AL10C00B396SP03 |
| Versions earlier than EVA-CL00C92B396 |
EVA-CL00C92B396 |
|
| Versions earlier than EVA-DL00C17B396 |
EVA-DL00C17B396 |
|
| Versions earlier than EVA-TL00C01B396 |
EVA-TL00C01B396 |
|
| P10 Plus | Versions earlier than Vicky-AL00AC00B172 |
Vicky-AL00AC00B172 |
|
Toronto |
Versions earlier than Toronto-AL00AC00B191 |
Toronto-AL00AC00B191 |
|
Versions earlier than Toronto-TL10C01B191 |
Toronto-TL10C01B191 |
HWPSIRT-2017-04121:
An attacker can exploit this vulnerability to bypass the unlock code verification and unlock the mobile phone bootloader.
HWPSIRT-2017-04122:
An attacker can exploit this vulnerability to bypass the unlock code verification and unlock the mobile phone bootloader.
The vulnerability classification has been performed by using the CVSSv3 scoring system (http://www.first.org/cvss/specification-document).
HWPSIRT-2017-04121:
Base Score: 5.4 (AV:P/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H)
Temporal Score: 5.0 (E:F/RL:O/RC:C)
HWPSIRT-2017-04122:
Base Score: 5.4 (AV:P/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H)
Temporal Score: 5.0 (E:F/RL:O/RC:C)
HWPSIRT-2017-04121:
This vulnerability can be exploited only when the following conditions are present:
The attacker has obtained the root privilege of the mobile.
Vulnerability details:
An attacker with the root privilege of a mobile can exploit this vulnerability to bypass the unlock code verification and unlock the mobile phone bootloader.
HWPSIRT-2017-04122:
This vulnerability can be exploited only when the following conditions are present:
The attacker has obtained the system privilege of the mobile.
Vulnerability details:
An attacker with the system privilege of a mobile can exploit this vulnerability to bypass the unlock code verification and unlock the mobile phone bootloader.
The product that supports automatic update will receive a system update prompt. You can install the update to fix the vulnerability.
These two vulnerabilities were reported to Huawei PSIRT by Wen Guanxing of Pangu lab. Huawei would like to thank Wen Guanxing for working with us and coordinated vulnerability disclosure to protect our customers.
2017-09-08 V1.6 UPDATED Updated the affected software versions and fixes information
2017-09-01 V1.5 UPDATED Updated the affected software versions and fixes information
2017-08-29 V1.4 UPDATED Updated the affected software versions and fixes information
2017-08-26 V1.3 UPDATED Updated the affected software versions and fixes information
2017-08-16 V1.2 UPDATED Updated the affected software versions and fixes information
2017-08-10 V1.1 UPDATED Updated the affected software versions and fixes information
2017-08-07 V1.0 INITIAL
None
Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.
To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.
To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.
