Lucene search

[email protected]CVE-2017-5623

HistoryMar 19, 2017 - 8:59 p.m.

CVE-2017-5623

2017-03-1920:59:00

CWE-269

[email protected]

web.nvd.nist.gov

oxygenos

oneplus

bootmode

security vulnerability

android

cve-2017-5623

nvd

6.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

19.4%

JSON

An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the ‘fastboot oem boot_mode {rf/wlan/ftm/normal} command’ in contradiction to the threat model of Android where the bootloader MUST NOT allow any security-sensitive operation to be run unless the bootloader is unlocked.

CPENameOperatorVersion
oneplus:oxygenosoneplus oxygenosle4.0.3

CPE	Name	Operator	Version
oneplus:oxygenos	oneplus oxygenos	le	4.0.3

References

www.securityfocus.com/bid/97048

alephsecurity.com/vulns/aleph-2017005

6.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

19.4%

JSON

Related for CVE-2017-5623

cvelist1 prion1 seebug2