CVE-2017-0493 - OpenCVE

An information disclosure vulnerability in File-Based Encryption could enable a local malicious attacker to bypass operating system protections for the lock screen. This issue is rated as Moderate due to the possibility of bypassing the lock screen. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32793550.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Google	Android

Configuration 1 [-]

OR	cpe:2.3:o:google:android:7.0:::::::*
	cpe:2.3:o:google:android:7.1.0:::::::*
	cpe:2.3:o:google:android:7.1.1:::::::*

References

Link	Resource
http://www.securityfocus.com/bid/98140	Third Party Advisory VDB Entry
https://source.android.com/security/bulletin/2017-05-01	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: google_android

Published: 2017-05-12T15:00:00

Updated: 2017-05-15T09:57:01

Reserved: 2016-11-29T00:00:00

Link: CVE-2017-0493

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-05-12T15:29:00.987

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-0493

JSON object: View

Redhat Information

No data.

CWE

CWE-922

{"containers": {"cna": {"affected": [{"product": "Android", "vendor": "Google Inc.", "versions": [{"status": "affected", "version": "7.0"}, {"status": "affected", "version": "7.1.1"}]}], "datePublic": "2017-05-01T00:00:00", "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability in File-Based Encryption could enable a local malicious attacker to bypass operating system protections for the lock screen. This issue is rated as Moderate due to the possibility of bypassing the lock screen. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32793550."}], "problemTypes": [{"descriptions": [{"description": "Information disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android"}, "references": [{"name": "98140", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/98140"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://source.android.com/security/bulletin/2017-05-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@android.com", "ID": "CVE-2017-0493", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Android", "version": {"version_data": [{"version_value": "7.0"}, {"version_value": "7.1.1"}]}}]}, "vendor_name": "Google Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An information disclosure vulnerability in File-Based Encryption could enable a local malicious attacker to bypass operating system protections for the lock screen. This issue is rated as Moderate due to the possibility of bypassing the lock screen. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32793550."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information disclosure"}]}]}, "references": {"reference_data": [{"name": "98140", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98140"}, {"name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01"}]}}}}, "cveMetadata": {"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0493", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2017-05-15T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "09E6085C-A61E-4A89-BF80-EDD9A7DF1E47", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FC30B2A2-9674-4052-B402-20348E50F9E8", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D835D592-2423-44C6-804A-3AD010112E7C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability in File-Based Encryption could enable a local malicious attacker to bypass operating system protections for the lock screen. This issue is rated as Moderate due to the possibility of bypassing the lock screen. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32793550."}, {"lang": "es", "value": "Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en el Cifrado Basado en Archivos, podr\u00eda permitir a un atacante malicioso local omitir las protecciones del sistema operativo para la pantalla de bloqueo. Este problema est\u00e1 clasificado como moderado debido a la posibilidad de omitir la pantalla de bloqueo. Producto: Android. Versiones: 7.0, 7.1.1. ID de Android: A-32793550."}], "id": "CVE-2017-0493", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-12T15:29:00.987", "references": [{"source": "security@android.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98140"}, {"source": "security@android.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://source.android.com/security/bulletin/2017-05-01"}], "sourceIdentifier": "security@android.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-922"}], "source": "nvd@nist.gov", "type": "Primary"}]}