CVE-2018-9358

Published: 06/11/2018 Updated: 24/08/2020
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Vulnerability Summary

In gatts_process_attribute_req of gatt_sc.cc, there is a possible read of uninitialized data due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth process with no additional execution privileges needed. User interaction is not needed for exploitation.

Product: Android
Versions: Android-6.0, Android-6.0.1, Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1
Android ID: A-73172115

Vulnerable Product

google android 8.1

google android 6.0

google android 6.0.1

google android 7.0

google android 7.1.2

google android 7.1.1

google android 8.0

Github Repositories

Vulnerability PoCs of Android Bluetooth

avrcp_CVE-2017-13281c is the CVE-2017-13281 poc code

$ mv avrcp_CVE-2017-13281c blue-537/profiles/audio/avrcpc

just replace blue-537/profiles/audio/avrcpc with poc, and compile the source code on ubuntu 1604, run bluetoothd manually, and paired my pixel xl with my laptop. Once paired, the attack payload will be sent automatical