8.8

CVE-2013-6271

Exploit
Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.android.settings.ChooseLockGeneric class with the PASSWORD_QUALITY_UNSPECIFIED option.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleAndroid Version4.0
GoogleAndroid Version4.0.1
GoogleAndroid Version4.0.2
GoogleAndroid Version4.0.3
GoogleAndroid Version4.0.4
GoogleAndroid Version4.1
GoogleAndroid Version4.1.2
GoogleAndroid Version4.2
GoogleAndroid Version4.2.1
GoogleAndroid Version4.2.2
GoogleAndroid Version4.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.9% 0.946
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 8.6 9.2
AV:N/AC:M/Au:N/C:C/I:C/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://seclists.org/fulldisclosure/2013/Nov/204
Exploit
http://www.securitytracker.com/id/1029410
http://www.theregister.co.uk/2013/12/10/android_has_lockbypass_bug/
https://cureblog.de/2013/11/cve-2013-6271-remove-device-locks-from-android-phone/
Exploit