CVE-2016-3888

Published Sep 11, 2016

Last updated 7 years ago

Overview

Description: internal/telephony/SMSDispatcher.java in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism, and send premium SMS messages during the Setup Wizard provisioning stage, via unspecified vectors, aka internal bug 29420123.
Source: security@android.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 3.0

Type: Primary
Base score: 2.1
Impact score: 1.4
Exploitability score: 0.7
Vector string: CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Severity: LOW

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-264

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A39C31E3-75C0-4E92-A6B5-7D67B22E3449"
          },
          {
            "criteria": "cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB318EA4-2908-4B91-8DBB-20008FDF528A"
          },
          {
            "criteria": "cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F4E46A9-B652-47CE-92E8-01021E57724B"
          },
          {
            "criteria": "cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB9B53C6-AE84-4A45-B83E-8E5CE44F7B93"
          },
          {
            "criteria": "cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "36DD8E3F-6308-4680-B932-4CBD8E58A7FB"
          },
          {
            "criteria": "cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1DA9F0F7-D592-481E-884C-B1A94E702825"
          },
          {
            "criteria": "cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6CD857E7-B878-49F9-BDDA-93DDEBB0B42B"
          },
          {
            "criteria": "cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBDABB6C-FFF9-4E79-9EF1-BDC0BBDEA9F1"
          },
          {
            "criteria": "cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A47AB858-36DE-4330-8CAC-1B46C5C8DA80"
          },
          {
            "criteria": "cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49413FF7-7910-4F74-B106-C3170612CB2A"
          },
          {
            "criteria": "cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2467F65-A3B7-4E45-A9A5-E5A6EFD99D7B"
          },
          {
            "criteria": "cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8882E50-7C49-4A99-91F2-DF979CF8BB2F"
          },
          {
            "criteria": "cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98C32982-095C-4628-9958-118A3D3A9CAA"
          },
          {
            "criteria": "cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8FC0FCEA-0B3D-43C1-AB62-4F9C880B4CA1"
          },
          {
            "criteria": "cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC75ED04-B8C7-4CC0-AC64-AE2D9E0CDF5D"
          },
          {
            "criteria": "cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC13D3EE-CC89-4883-8E3D-3FE25FB8CF42"
          },
          {
            "criteria": "cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C4E6353-B77A-464F-B7DE-932704003B33"
          },
          {
            "criteria": "cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77125688-2CCA-4990-ABB2-551D47CB0CDD"
          },
          {
            "criteria": "cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7A8EC00-266C-409B-AD43-18E8DFCD6FE3"
          },
          {
            "criteria": "cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B846C63A-7261-481E-B4A4-0D8C79E0D8A7"
          },
          {
            "criteria": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E70C6D8D-C9C3-4D92-8DFC-71F59E068295"
          },
          {
            "criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807"
          },
          {
            "criteria": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Configurations

References