| Vulnerability Name: | CVE-2017-0554 (CCN-124491) | ||||||||||||
| Assigned: | 2016-11-29 | ||||||||||||
| Published: | 2017-04-07 | ||||||||||||
| Updated: | 2019-10-03 | ||||||||||||
| Summary: | An elevation of privilege vulnerability in the Telephony component could enable a local malicious application to access capabilities outside of its permission levels. This issue is rated as Moderate because it could be used to gain access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33815946. | ||||||||||||
| CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) 6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
| ||||||||||||
| Vulnerability Type: | CWE-862 | ||||||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2017-0554 Source: BID Type: Third Party Advisory, VDB Entry 97343 Source: CCN Type: BID-97343 Google Android CVE-2017-0554 Privilege Escalation Vulnerability Source: SECTRACK Type: UNKNOWN 1038201 Source: CCN Type: Google Web site Android Source: XF Type: UNKNOWN android-cve20170554-priv-esc(124491) Source: CCN Type: Android Open Source Project Android Security Bulletin—April 2017 Source: CONFIRM Type: Vendor Advisory https://source.android.com/security/bulletin/2017-04-01 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||