{"api_version":"1","generated_at":"2026-05-14T00:14:53+00:00","cve":"CVE-2017-2691","urls":{"html":"https://cve.report/CVE-2017-2691","api":"https://cve.report/api/cve/CVE-2017-2691.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-2691","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-2691"},"summary":{"title":"CVE-2017-2691","description":"Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass vulnerability. An unauthenticated attacker could force the phone to the fastboot mode and delete the user's password file during the reboot process, then login the phone without screen lock password after reboot.","state":"PUBLISHED","assigner":"huawei","published_at":"2017-11-22 19:29:00","updated_at":"2025-04-20 01:37:25"},"problem_types":["NVD-CWE-noinfo","Lock-screen Bypass"],"metrics":[{"version":"3.0","source":"nvd@nist.gov","type":"Primary","score":"6.8","severity":"MEDIUM","vector":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.0","vectorString":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.2","severity":"","vector":"AV:L/AC:L/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en","name":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Vendor Advisory"],"title":"Security Advisory - Lock-screen Bypass Vulnerability in Huawei Smartphones","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/95658","name":"http://www.securityfocus.com/bid/95658","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"Huawei Smart Phones CVE-2017-2691 Security Bypass Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-2691","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2691","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Huawei Technologies Co., Ltd.","product":"Huawei P9","version":"affected Versions earlier before EVA-AL10C00B373, Versions earlier before EVA-CL00C92B373, Versions earlier before EVA-DL00C17B373, Versions earlier before EVA-TL00C01B373,","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"2691","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"huawei","cpe5":"p9","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"2691","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"huawei","cpe5":"p9_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-05T14:02:07.479Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"95658","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/95658"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"Huawei P9","vendor":"Huawei Technologies Co., Ltd.","versions":[{"status":"affected","version":"Versions earlier before EVA-AL10C00B373, Versions earlier before EVA-CL00C92B373, Versions earlier before EVA-DL00C17B373, Versions earlier before EVA-TL00C01B373,"}]}],"datePublic":"2017-11-15T00:00:00.000Z","descriptions":[{"lang":"en","value":"Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass vulnerability. An unauthenticated attacker could force the phone to the fastboot mode and delete the user's password file during the reboot process, then login the phone without screen lock password after reboot."}],"problemTypes":[{"descriptions":[{"description":"Lock-screen Bypass","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-11-23T10:57:01.000Z","orgId":"25ac1063-e409-4190-8079-24548c77ea2e","shortName":"huawei"},"references":[{"name":"95658","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/95658"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"psirt@huawei.com","DATE_PUBLIC":"2017-11-15T00:00:00","ID":"CVE-2017-2691","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Huawei P9","version":{"version_data":[{"version_value":"Versions earlier before EVA-AL10C00B373, Versions earlier before EVA-CL00C92B373, Versions earlier before EVA-DL00C17B373, Versions earlier before EVA-TL00C01B373,"}]}}]},"vendor_name":"Huawei Technologies Co., Ltd."}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass vulnerability. An unauthenticated attacker could force the phone to the fastboot mode and delete the user's password file during the reboot process, then login the phone without screen lock password after reboot."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Lock-screen Bypass"}]}]},"references":{"reference_data":[{"name":"95658","refsource":"BID","url":"http://www.securityfocus.com/bid/95658"},{"name":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en","refsource":"CONFIRM","url":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en"}]}}}},"cveMetadata":{"assignerOrgId":"25ac1063-e409-4190-8079-24548c77ea2e","assignerShortName":"huawei","cveId":"CVE-2017-2691","datePublished":"2017-11-22T19:00:00.000Z","dateReserved":"2016-12-01T00:00:00.000Z","dateUpdated":"2024-09-16T19:35:38.240Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2017-11-22 19:29:00","lastModifiedDate":"2025-04-20 01:37:25","problem_types":["NVD-CWE-noinfo","Lock-screen Bypass"],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"eva-tl00c01b373","matchCriteriaId":"6673B5F2-C31D-4B3C-88DC-A2DCACCB8872"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*","matchCriteriaId":"B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"eva-dl00c17b373","matchCriteriaId":"E1AA8AF4-484E-4511-8B82-5EA0F3045E5F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*","matchCriteriaId":"B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"eva-cl00c92b373","matchCriteriaId":"6F398894-34C7-4D09-BD0C-15408F6702DB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*","matchCriteriaId":"B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"eva-al10c00b373","matchCriteriaId":"E6D9BF45-6BA9-4F4A-A69B-350E6D492087"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*","matchCriteriaId":"B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"2691","Ordinal":"1","Title":"CVE-2017-2691","CVE":"CVE-2017-2691","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"2691","Ordinal":"1","NoteData":"Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass vulnerability. An unauthenticated attacker could force the phone to the fastboot mode and delete the user's password file during the reboot process, then login the phone without screen lock password after reboot.","Type":"Description","Title":"CVE-2017-2691"},{"CveYear":"2017","CveId":"2691","Ordinal":"2","NoteData":"2017-11-22","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"2691","Ordinal":"3","NoteData":"2017-11-23","Type":"Other","Title":"Modified"}]}}}