nvd-json-data-feeds/CVE-2017/CVE-2017-06xx/CVE-2017-0649.json

{
  "id": "CVE-2017-0649",
  "sourceIdentifier": "security@android.com",
  "published": "2017-06-14T13:29:00.607",
  "lastModified": "2024-11-21T03:03:23.767",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An elevation of privilege vulnerability in the MediaTek sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and because of vulnerability specific details which limit the impact of the issue. Product: Android. Versions: N/A. Android ID: A-34468195. References: M-ALPS03162283."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de elevaci\u00f3n de privilegios en el controlador de sonido MediaTek podr\u00eda permitir una aplicaci\u00f3n maliciosa local ejecutar c\u00f3digo arbitrario en el contexto del kernel. Este problema se ha clasificado como Moderado debido a que primeramente hay que comprometer un proceso con privilegios y debido a los detalles espec\u00edficos de la vulnerabilidad lo que limitar\u00eda el impacto del problema. Producto: Android. Versi\u00f3n: no aplica. Android ID: A-34468195. References: M-ALPS03162283."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "attackVector": "LOCAL",
          "attackComplexity": "HIGH",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "baseScore": 7.6,
          "accessVector": "NETWORK",
          "accessComplexity": "HIGH",
          "authentication": "NONE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE"
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 4.9,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "568E2561-A068-46A2-B331-BBA91FC96F0C"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.securityfocus.com/bid/98866",
      "source": "security@android.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "http://www.securitytracker.com/id/1038623",
      "source": "security@android.com"
    },
    {
      "url": "https://source.android.com/security/bulletin/2017-06-01",
      "source": "security@android.com",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://www.securityfocus.com/bid/98866",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "http://www.securitytracker.com/id/1038623",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "https://source.android.com/security/bulletin/2017-06-01",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}