Описание
In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition (except 'keystore') by issuing the 'fastboot oem dump ' fastboot command.
Ссылки
- Technical DescriptionThird Party Advisory
- Technical DescriptionThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.0.2 (включая)
Одновременно
cpe:2.3:o:oneplus:oxygenos:*:*:*:*:*:*:*:*
Одно из
cpe:2.3:h:oneplus:oneplus_3:-:*:*:*:*:*:*:*
cpe:2.3:h:oneplus:oneplus_3t:-:*:*:*:*:*:*:*
EPSS
Процентиль: 24%
0.0008
Низкий
4.6 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-476
Связанные уязвимости
CVSS3: 4.6
github
больше 3 лет назад
In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition (except 'keystore') by issuing the 'fastboot oem dump <partition>' fastboot command.
EPSS
Процентиль: 24%
0.0008
Низкий
4.6 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-476