CVE-2016-3760

EPSS 0.05%
Veröffentlicht 11.07.2016 02:00:00
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle security@android.com
CVE-Watchlists
Login
Unerledigt
Login

Bluetooth in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows local users to gain privileges by establishing a pairing that remains present during a session of the primary user, aka internal bug 27410683.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Android Version5.0

Google ≫ Android Version5.0.1

Google ≫ Android Version5.1

Google ≫ Android Version5.1.0

Google ≫ Android Version6.0

Google ≫ Android Version6.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.133

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	1.6	5.9	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	5.4	5.5	6.4	AV:A/AC:M/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

http://source.android.com/security/bulletin/2016-07-01.html

Vendor Advisory

https://android.googlesource.com/platform/hardware/libhardware/+/8b3d5a64c3c8d010ad4517f652731f09107ae9c5

https://android.googlesource.com/platform/packages/apps/Bluetooth/+/122feb9a0b04290f55183ff2f0384c6c53756bd8

https://android.googlesource.com/platform/system/bt/+/37c88107679d36c419572732b4af6e18bb2f7dce

https://nvd.nist.gov/vuln/detail/CVE-2016-3760

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-3760

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-3760

EUVD