CVE-2013-6271

2013-12-1420:55:03

CWE-264

[email protected]

web.nvd.nist.gov

android security

cve-2013-6271

device lock bypass

crafted application

access restrictions

8.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:C/A:N

6.6 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.6%

JSON

Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.android.settings.ChooseLockGeneric class with the PASSWORD_QUALITY_UNSPECIFIED option.

Affected configurations

NVD

Node

googleandroidMatch4.0

googleandroidMatch4.0.1

googleandroidMatch4.0.2

googleandroidMatch4.0.3

googleandroidMatch4.0.4

googleandroidMatch4.1

googleandroidMatch4.1.2

googleandroidMatch4.2

googleandroidMatch4.2.1

googleandroidMatch4.2.2

googleandroidMatch4.3

CPENameOperatorVersion
google:androidgoogle androideq4.0
google:androidgoogle androideq4.0.1
google:androidgoogle androideq4.0.2
google:androidgoogle androideq4.0.3
google:androidgoogle androideq4.0.4
google:androidgoogle androideq4.1
google:androidgoogle androideq4.1.2
google:androidgoogle androideq4.2
google:androidgoogle androideq4.2.1
google:androidgoogle androideq4.2.2

CPE	Name	Operator	Version
google:android	google android	eq	4.0
google:android	google android	eq	4.0.1
google:android	google android	eq	4.0.2
google:android	google android	eq	4.0.3
google:android	google android	eq	4.0.4
google:android	google android	eq	4.1
google:android	google android	eq	4.1.2
google:android	google android	eq	4.2
google:android	google android	eq	4.2.1
google:android	google android	eq	4.2.2