Vulnerability Details : CVE-2017-13288
In writeToParcel and readFromParcel of PeriodicAdvertisingReport.java, there is a permission bypass due to a 64/32bit int mismatch. This could lead to a local escalation of privilege where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-69634768.
Published
2018-04-04 16:29:01
Updated
2019-10-03 00:03:26
Exploit prediction scoring system (EPSS) score for CVE-2017-13288
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less