CVE-2017-0416

CVE information

Published

5 years ago

Last Modified

2 years ago

CVSSv2.0 Severity

High

CVSSv3.1 Severity

High

Impact Analysis

Description

An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32886609..

CVSSv2.0 Score

Severity
High
Base Score
9.3/10
Exploit Score
8.6/10
Access Vector
Network
Access Complexity
Medium
Authentication Required
None
Impact Score
10/10
Confidentiality Impact
Complete
Availability Impact
Complete
Integrity Impact
Complete

CVSSv3.1 Score

Severity
High
Base Score
7.8/10
Exploit Score
1.8/10
Access Vector
Local
Access Complexity
Low
Privileges Required
None
Impact Score
5.9/10
Confidentiality Impact
High
Availability Impact
High
Integrity Impact
High
Scope
Unchanged
User Interaction
Required

Products Affected

CPE Affected Vulnerable Excluding Edit
cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*
  Yes
- -

Get started for free to scan for vulnerabilities

Companies of all sizes use Mageni to scan their assets for vulnerabilities. Mageni is free for 7-days then $39 USD Monthly regardless of how many IPs, scans, deployments or users you have. Cancel at Anytime and 7-days Money-Back Guarantee. Developed and supported by certified CompTIA PenTest+ professionals. Mageni contributes 1% of your subscription to removing CO₂ from the atmosphere.

Get Started For Free
App screenshot