CVE-2017-0593 — Incorrect Permission Assignment in INC Android

CWE-732 — Incorrect Permission Assignment4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 93.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google INC Android Google Android

Timeline

PublishedMay 12

Latest updateMay 13

Description

An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to obtain access to custom permissions. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34114230.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDgoogle/android6 versions+5

▶googlegoogle/android

▶CVEListV5google_inc/android5 versions+4

Patches

Patch: source.android.com ↗Patch: source.android.com ↗

🔴Vulnerability Details

GHSA

GHSA-pwwv-w4h6-57p8: An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to obtain access to custom permissions↗2022-05-13

▶

OSV

CVE-2017-0593: An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to obtain access to custom permissions↗2017-05-12

▶

📋Vendor Advisories

Android

CVE-2017-0593: Android Security Bulletin 2017-05-01 CVE: CVE-2017-0593 Severity: HIGH Affected AOSP versions: 6↗2017-05-01

▶