CVE-2016-2492 - OpenCVE

The MediaTek power-management driver in Android before 2016-06-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 28085410.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Google	Android One Android

Configuration 1 [-]

AND

OR	cpe:2.3:o:google:android:6.0:::::::*
	cpe:2.3:o:google:android:6.0.1:::::::*

cpe:2.3:h:google:android_one:-:*:*:*:*:*:*:*

References

Link	Resource
http://source.android.com/security/bulletin/2016-06-01.html	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: google_android

Published: 2016-06-13T01:00:00

Updated: 2016-06-13T01:57:01

Reserved: 2016-02-18T00:00:00

Link: CVE-2016-2492

JSON object: View

NVD Information

Status : Analyzed

Published: 2016-06-13T01:59:31.767

Modified: 2016-06-16T14:14:09.873

Link: CVE-2016-2492

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E70C6D8D-C9C3-4D92-8DFC-71F59E068295", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:google:android_one:-:*:*:*:*:*:*:*", "matchCriteriaId": "50A96E21-4545-41AD-9FDB-E6F2B59F2DEF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The MediaTek power-management driver in Android before 2016-06-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 28085410."}, {"lang": "es", "value": "El controlador power-management MediaTek en Android en versiones anteriores a 2016-06-01 en dispositivos Android One permite a atacantes obtener privilegios a trav\u00e9s de una aplicaci\u00f3n manipulada, tambi\u00e9n conocido como error interno 28085410."}], "id": "CVE-2016-2492", "lastModified": "2016-06-16T14:14:09.873", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-06-13T01:59:31.767", "references": [{"source": "security@android.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://source.android.com/security/bulletin/2016-06-01.html"}], "sourceIdentifier": "security@android.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}