CVE-2013-6775 : The Chainfire SuperSU package before 1.69 for Android allows attackers to gain p

The Chainfire SuperSU package before 1.69 for Android allows attackers to gain privileges via the (1) backtick or (2) $() type of shell metacharacters in the -c option to /system/xbin/su.

Published 2014-03-31 14:58:58

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2013-6775

Chainfire » Supersu » Version: 1.69 For Android
cpe:2.3:a:chainfire:supersu:1.69:*:*:*:*:android:*:*
Matching versions
When used together with: Google » Android » Version: 1.0
When used together with: Google » Android » Version: 1.1
When used together with: Google » Android » Version: 1.5
When used together with: Google » Android » Version: 1.6
When used together with: Google » Android » Version: 2.0
When used together with: Google » Android » Version: 2.0.1
When used together with: Google » Android » Version: 2.1
When used together with: Google » Android » Version: 2.2
When used together with: Google » Android » Version: 2.2 Update Rev1
When used together with: Google » Android » Version: 2.2.1
When used together with: Google » Android » Version: 2.2.2
When used together with: Google » Android » Version: 2.2.3
When used together with: Google » Android » Version: 2.3
When used together with: Google » Android » Version: 2.3 Update Rev1
When used together with: Google » Android » Version: 2.3.1
When used together with: Google » Android » Version: 2.3.2
When used together with: Google » Android » Version: 2.3.3
When used together with: Google » Android » Version: 2.3.4
When used together with: Google » Android » Version: 2.3.5
When used together with: Google » Android » Version: 2.3.6
When used together with: Google » Android » Version: 2.3.7
When used together with: Google » Android » Version: 3.0
When used together with: Google » Android » Version: 3.1
When used together with: Google » Android » Version: 3.2
When used together with: Google » Android » Version: 3.2.1
When used together with: Google » Android » Version: 3.2.2
When used together with: Google » Android » Version: 3.2.4
When used together with: Google » Android » Version: 3.2.6
When used together with: Google » Android » Version: 4.0
When used together with: Google » Android » Version: 4.0.1
When used together with: Google » Android » Version: 4.0.2
When used together with: Google » Android » Version: 4.0.3
When used together with: Google » Android » Version: 4.0.4
When used together with: Google » Android » Version: 4.1
When used together with: Google » Android » Version: 4.1.2
When used together with: Google » Android » Version: 4.2
When used together with: Google » Android » Version: 4.2.1
When used together with: Google » Android » Version: 4.2.2

Exploit prediction scoring system (EPSS) score for CVE-2013-6775

EPSS FAQ

0.34%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 54 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-6775

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2013-6775

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-6775

http://www.securityfocus.com/archive/1/529797

SecurityFocus
Exploit

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2013-6775

Products affected by CVE-2013-6775

Exploit prediction scoring system (EPSS) score for CVE-2013-6775

CVSS scores for CVE-2013-6775

CWE ids for CVE-2013-6775

References for CVE-2013-6775