Vulnerability Name:

CVE-2017-14908

Assigned:2017-09-28
Published:2017-12-04
Updated:2017-12-07
Summary:In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the SafeSwitch test application does not properly validate the number of blocks to verify.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (CCN Temporal CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:
References:Source: BID
Type: UNKNOWN
102072

Source: XF
Type: UNKNOWN
android-cve201714908-unspecified(135973)

Source: CONFIRM
Type: UNKNOWN
https://source.android.com/security/bulletin/2017-12-01

Vulnerable Configuration:
Configuration CCN 1:
  • cpe:/a:google:android_api:1.0:*:*:*:*:*:*:*

  • Denotes that component is vulnerable
    BACK