exploitDog

CVE-2017-17149

Опубликовано: 09 мар. 2018

Источник: nvd

CVSS3: 3.9

CVSS2: 2.1

EPSS Низкий

Описание

Huawei HiWallet App with the versions before 8.0.4 has an arbitrary lock pattern change vulnerability. It needs to verify the user's Huawei ID during lock pattern change. An attacker with root privilege who gets a user's smart phone may bypass Huawei ID verification by special operation. Successful exploit of this vulnerability can allow an attacker to change the lock pattern of HiWallet.

Ссылки

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-01-hiwallet-en
Vendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-01-hiwallet-en
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:huawei:hiwallet:*:*:*:*:*:*:*:*

Версия до 8.0.4 (исключая)

EPSS

Процентиль: 6%

0.00025

Низкий

3.9 Low

CVSS3

2.1 Low

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-8fvm-8w45-c4j7

CVSS3: 3.9

github

больше 3 лет назад

Huawei HiWallet App with the versions before 8.0.4 has an arbitrary lock pattern change vulnerability. It needs to verify the user's Huawei ID during lock pattern change. An attacker with root privilege who gets a user's smart phone may bypass Huawei ID verification by special operation. Successful exploit of this vulnerability can allow an attacker to change the lock pattern of HiWallet.

EPSS

Процентиль: 6%

0.00025

Низкий

3.9 Low

CVSS3

2.1 Low

CVSS2

Дефекты

NVD-CWE-noinfo