exploitDog

CVE-2017-13238

Опубликовано: 12 фев. 2018

Источник: nvd

CVSS3: 4.2

CVSS2: 4.7

EPSS Низкий

Описание

In XBLRamDump mode, there is a debug feature that can be used to dump memory contents, if an attacker has physical access to the device. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-64610940.

Ссылки

http://www.securityfocus.com/bid/103024
Third Party Advisory
VDB Entry
https://source.android.com/security/bulletin/2018-02-01
Vendor Advisory
http://www.securityfocus.com/bid/103024
Third Party Advisory
VDB Entry
https://source.android.com/security/bulletin/2018-02-01
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

EPSS

Процентиль: 6%

0.00025

Низкий

4.2 Medium

CVSS3

4.7 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-2ghg-9rgq-99xh

CVSS3: 4.2

github

больше 3 лет назад

In XBLRamDump mode, there is a debug feature that can be used to dump memory contents, if an attacker has physical access to the device. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-64610940.

EPSS

Процентиль: 6%

0.00025

Низкий

4.2 Medium

CVSS3

4.7 Medium

CVSS2

Дефекты

CWE-200