CVE-2016-3888

Published: 11/09/2016 Updated: 13/08/2017

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 2.1 | Impact Score: 1.4 | Exploitability Score: 0.7

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

internal/telephony/SMSDispatcher.java in Android 4.x prior to 4.4.4, 5.0.x prior to 5.0.2, 5.1.x prior to 5.1.1, 6.x prior to 2016-09-01, and 7.0 prior to 2016-09-01 allows physically proximate malicious users to bypass the Factory Reset Protection protection mechanism, and send premium SMS messages during the Setup Wizard provisioning stage, via unspecified vectors, aka internal bug 29420123.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google android 5.1.0
google android 4.2
google android 4.1
google android 6.0.1
google android 6.0
google android 4.0.2
google android 4.4.3
google android 4.0.4
google android 4.3
google android 4.0.1
google android 7.0
google android 4.2.1
google android 5.0.1
google android 5.0
google android 4.0.3
google android 4.0
google android 4.4
google android 4.4.1
google android 4.2.2
google android 4.3.1
google android 4.4.2
google android 5.1
google android 4.1.2

CWE-264 http://source.android.com/security/bulletin/2016-09-01.html https://android.googlesource.com/platform/frameworks/opt/telephony/+/b8d1aee993dcc565e6576b2f2439a8f5a507cff6 http://www.securityfocus.com/bid/92857 http://www.securitytracker.com/id/1036763 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-3888

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect