CVE-2017-0498

Published Mar 8, 2017

Last updated 5 years ago

Overview

Description: A denial of service vulnerability in Setup Wizard could allow a local attacker to require Google account sign-in after a factory reset. This issue is rated as Moderate because it may require a factory reset to repair the device. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-30352311.
Source: security@android.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 3.0

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C4E6353-B77A-464F-B7DE-932704003B33"
          },
          {
            "criteria": "cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77125688-2CCA-4990-ABB2-551D47CB0CDD"
          },
          {
            "criteria": "cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9915371-C730-41F7-B86E-7E4DE0DF5385"
          },
          {
            "criteria": "cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7A8EC00-266C-409B-AD43-18E8DFCD6FE3"
          },
          {
            "criteria": "cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B846C63A-7261-481E-B4A4-0D8C79E0D8A7"
          },
          {
            "criteria": "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B1D94CDD-DE7B-444E-A3AE-AE9C9A779374"
          },
          {
            "criteria": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E70C6D8D-C9C3-4D92-8DFC-71F59E068295"
          },
          {
            "criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807"
          },
          {
            "criteria": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"
          },
          {
            "criteria": "cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC30B2A2-9674-4052-B402-20348E50F9E8"
          },
          {
            "criteria": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D835D592-2423-44C6-804A-3AD010112E7C"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Configurations

References