CVE-2014-9950 : In Core Kernel in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could po

In Core Kernel in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist.

Published 2017-06-06 14:29:01

Updated 2017-06-09 15:09:49

View at NVD, CVE.org

Vulnerability category: BypassGain privilege

Exploit prediction scoring system (EPSS) score for CVE-2014-9950

Probability of exploitation activity in the next 30 days: 0.06%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 25 % EPSS Score History EPSS FAQ

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

Assigned by: nvd@nist.gov (Primary)

http://www.securityfocus.com/bid/98251

Google Android Qualcomm Components CVE-2014-9950 Unspecified Security Vulnerability
Third Party Advisory;VDB Entry
https://source.android.com/security/bulletin/2017-05-01

Android Security Bulletin—May 2017 | Android Open Source Project
Patch;Vendor Advisory

CVEs referencing this url

Google » Android » Version: N/A
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
Matching versions