PT-2017-15495 · Huawei · Nice
Published: 2017-11-22 · Updated: 2019-10-03 · CVE-2017-2708
CVSS v2.0: 4.9 (Medium)
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Nice smartphones versions prior to Nice-AL00C00B0135
Description
The 'Find Phone' function contains an authentication bypass. Because the function lacks proper authentication, an unauthenticated attacker can potentially wipe and factory reset the phone by following specific steps. This bypasses the intended security measures of the 'Find Phone' function and lets the attacker use the phone normally without authorization.
Recommendations
For versions prior to Nice-AL00C00B0135, as a temporary workaround, consider disabling the 'Find Phone' function until a patch is available. Restrict access to the 'Find Phone' feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Missing Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Nice