| Vulnerability Name: | CVE-2017-0529 (CCN-123119) | ||||||||||||||||
| Assigned: | 2016-11-29 | ||||||||||||||||
| Published: | 2017-03-06 | ||||||||||||||||
| Updated: | 2017-07-17 | ||||||||||||||||
| Summary: | An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/A. Android ID: A-28449427. References: M-ALPS02710042. | ||||||||||||||||
| CVSS v3 Severity: | 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) 4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
2.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
| ||||||||||||||||
| Vulnerability Type: | CWE-200 | ||||||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2017-0529 Source: CCN Type: Android Open Source Project Android Security BulletinMarch 2017 Source: BID Type: UNKNOWN 96810 Source: CCN Type: BID-96810 Google Android MediaTek Driver CVE-2017-0529 Information Disclosure Vulnerability Source: SECTRACK Type: UNKNOWN 1037968 Source: XF Type: UNKNOWN android-cve20170529-info-disc(123119) Source: CONFIRM Type: UNKNOWN https://source.android.com/security/bulletin/2017-03-01 Source: MISC Type: Patch, Vendor Advisory https://source.android.com/security/bulletin/2017-03-01.html | ||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||
| Oval Definitions | |||||||||||||||||
| |||||||||||||||||
| BACK | |||||||||||||||||