CVE-2017-0410 : An elevation of privilege vulnerability in the Framework APIs could enable a loc

An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31929765.

Published 2017-02-08 15:59:01

Updated 2019-10-03 00:03:26

Source Android (associated with Google Inc. or Open Handset Alliance)

View at NVD, CVE.org

Vulnerability category: OverflowExecute codeGain privilege

Products affected by CVE-2017-0410

Google » Android » Version: 5.1.1
cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*
Matching versions
Google » Android » Version: 6.0.1
cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
Matching versions
Google » Android » Version: 5.0.2
cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*
Matching versions
Google » Android » Version: 6.0
cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
Matching versions
Google » Android » Version: 5.0
cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*
Matching versions
Google » Android » Version: 5.0.1
cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*
Matching versions
Google » Android » Version: 5.1
cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*
Matching versions
Google » Android » Version: 5.1.0
cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*
Matching versions
Google » Android » Version: 7.0
cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*
Matching versions
Google » Android » Version: 7.1.0
cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*
Matching versions
Google » Android » Version: 7.1.1
cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2017-0410

EPSS FAQ

0.14%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 36 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-0410

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2017-0410

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-0410

http://www.securityfocus.com/bid/96056

Google Android Framework APIs Multiple Privilege Escalation Vulnerabilities

CVEs referencing this url
http://www.securitytracker.com/id/1037798

Google Android Multiple Flaws Let Users Deny Service, Obtain Potentially Sensitive Information, and Gain Elevated Privileges and Let Remote Users Execute Arbitrary Code - SecurityTracker

CVEs referencing this url
https://source.android.com/security/bulletin/2017-02-01.html

Android Security Bulletin—February 2017 | Android Open Source Project

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2017-0410

Products affected by CVE-2017-0410

Exploit prediction scoring system (EPSS) score for CVE-2017-0410

CVSS scores for CVE-2017-0410

CWE ids for CVE-2017-0410

References for CVE-2017-0410