CVE-2017-5623

Опубликовано: 19 мар. 2017

Источник: nvd

CVSS3: 6.6

CVSS2: 7.2

EPSS Низкий

Описание

An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem boot_mode {rf/wlan/ftm/normal} command' in contradiction to the threat model of Android where the bootloader MUST NOT allow any security-sensitive operation to be run unless the bootloader is unlocked.

Ссылки

http://www.securityfocus.com/bid/97048
https://alephsecurity.com/vulns/aleph-2017005
Exploit
Technical Description
Third Party Advisory
http://www.securityfocus.com/bid/97048
https://alephsecurity.com/vulns/aleph-2017005
Exploit
Technical Description
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:oneplus:oxygenos:*:*:*:*:*:*:*:*

Версия до 4.0.3 (включая)

Одно из

cpe:2.3:h:oneplus:oneplus_3:-:*:*:*:*:*:*:*

cpe:2.3:h:oneplus:oneplus_3t:-:*:*:*:*:*:*:*

EPSS

Процентиль: 16%

0.00049

Низкий

6.6 Medium

CVSS3

7.2 High

CVSS2

Дефекты

CWE-269

Связанные уязвимости

GHSA-3jj3-7hg7-2w24