CVE-2017-17149

Published: Mar 9, 2018Modified: Nov 21, 2024

3.9

Vector

CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Exploitability: 0.3 / Impact: 3.6

Source: NVD

Description

Huawei HiWallet App with the versions before 8.0.4 has an arbitrary lock pattern change vulnerability. It needs to verify the user's Huawei ID during lock pattern change. An attacker with root privilege who gets a user's smart phone may bypass Huawei ID verification by special operation. Successful exploit of this vulnerability can allow an attacker to change the lock pattern of HiWallet.

Affected (1)

Products: Huawei: Hiwallet

Huawei

1 product

Hiwallet

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Hiwallet	Before 8.0.4

References (2)

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-01-hiwallet-en

Source: psirt@huawei.com

Vendor Advisory

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-01-hiwallet-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.