CVE-2016-3908

Loading...

General

Score:4.3/10.0
Severity:Low
Category:Access Control Error

Impact Metrics

Confidentiality:None
Integrity:Partial
Availability:None

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Published on 10/10/16 - Updated on 28/11/16

Description

The Lock Settings Service in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows attackers to remove a device's PIN or password, and consequently gain privileges, via a crafted application, aka internal bug 30003944.

Category: Access Control Error

CWE-264 (Permissions, Privileges, and Access Control)
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Security Notices

US National Vulnerability DatabaseCVE-2016-3908
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2016-AVI-326

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
googleandroid

Share this vulnerability with:

Twitter Facebook LinkedIn Mail