CVE-2018-9524

Опубликовано: 14 нояб. 2018

Источник: nvd

CVSS3: 7.8

CVSS2: 6.9

EPSS Низкий

Описание

In functionality implemented in System UI, there are insufficient protections implemented around overlay windows. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-34170870

Ссылки

http://www.securityfocus.com/bid/105848
Third Party Advisory
VDB Entry
https://source.android.com/security/bulletin/2018-11-01
Patch
Vendor Advisory
http://www.securityfocus.com/bid/105848
Third Party Advisory
VDB Entry
https://source.android.com/security/bulletin/2018-11-01
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*

cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*

EPSS

Процентиль: 4%

0.00019

Низкий

7.8 High

CVSS3

6.9 Medium

CVSS2

Дефекты

CWE-1021

Связанные уязвимости

GHSA-rhpq-gc3g-23vr