9.3

CVE-2016-3833

The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not properly manage the MANAGE_USERS and CREATE_USERS permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka internal bug 29189712.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleAndroid Version5.0
GoogleAndroid Version5.0.1
GoogleAndroid Version5.1
GoogleAndroid Version5.1.0
GoogleAndroid Version6.0
GoogleAndroid Version6.0.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.48% 0.373
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://source.android.com/security/bulletin/2016-08-01.html
Vendor Advisory
http://www.securityfocus.com/bid/92225
https://android.googlesource.com/platform/frameworks/base/+/01875b0274e74f97edf6b0d5c92de822e0555d03
Patch
Issue Tracking
https://android.googlesource.com/platform/frameworks/base/+/4e4743a354e26467318b437892a9980eb9b8328a
Patch
Issue Tracking