CVE-2017-0830 — Incorrect Permission Assignment in INC Android

CWE-732 — Incorrect Permission Assignment5 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 76.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google INC Android Google Android

Timeline

PublishedNov 16

Latest updateMay 13

Description

An elevation of privilege vulnerability in the Android framework (device policy client). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62623498.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDgoogle/android7 versions+6

▶CVEListV5google_inc/android6 versions+5

Patches

Patch: source.android.com ↗Patch: source.android.com ↗

🔴Vulnerability Details

GHSA

GHSA-qjwf-f8w3-wcv2: An elevation of privilege vulnerability in the Android framework (device policy client)↗2022-05-13

▶

CVEList

CVE-2017-0830: An elevation of privilege vulnerability in the Android framework (device policy client)↗2017-11-16

▶

📋Vendor Advisories

Android

CVE-2017-0830: Android Security Bulletin 2017-11-01 CVE: CVE-2017-0830 Severity: HIGH Type: EoP Affected AOSP versions: 6↗2017-11-01

▶

💬Community

Bugzilla

CVE-2016-9589 wildfly: ParseState headerValuesCache can be exploited to fill heap with garbage↗2016-12-14

▶