CVE-2017-0807

Published Oct 4, 2017

Last updated 5 years ago

CVSS critical 9.8

Overview

Description: An elevation of privilege vulnerability in the Android framework (ui framework). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35056974.
Source: security@android.com
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3CEEA22-63B4-4702-A400-01349DF0EC1E"
          },
          {
            "criteria": "cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9915371-C730-41F7-B86E-7E4DE0DF5385"
          },
          {
            "criteria": "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B1D94CDD-DE7B-444E-A3AE-AE9C9A779374"
          },
          {
            "criteria": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E70C6D8D-C9C3-4D92-8DFC-71F59E068295"
          },
          {
            "criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807"
          },
          {
            "criteria": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"
          },
          {
            "criteria": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D835D592-2423-44C6-804A-3AD010112E7C"
          },
          {
            "criteria": "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "568E2561-A068-46A2-B331-BBA91FC96F0C"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References