Tuesday, 1 November 2016

On 01:11 by admin   No comments
A vulnerability classified as critical was found in Samsung Galaxy S4/S5/S6/S7. This vulnerability affects an unknown function of the file wifi-service.jar of the component BroadcastReceiver. The manipulation with an unknown input leads to a privilege escalation vulnerability. As an impact it is known to affect confidentiality, integrity, and availability.
The weakness was released 10/31/2016. This vulnerability was named CVE-2016-7988. There are known technical details, but no exploit is available. The current price for an exploit might be approx. USD $2k-$5k.
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Similar entries are available at 93197, 93198 and 93199.

CVSSv3

Base Score: ≈5.5 
Temp Score: ≈5.5 
Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X [?]
Reliability: Low

CVSSv2

Base Score: ≈4.1 (CVSS2#AV:A/AC:M/Au:S/C:P/I:P/A:P) 
Temp Score: ≈4.1 (CVSS2#E:ND/RL:ND/RC:ND) 
Reliability: Low

CPE

Exploiting

Class: Privilege escalation
Local: Yes
Remote: No


The Hackers Day Conference,  is a novel occasion  will be held in Lucknow, on the January 15th-16th, 2017. For more details : www.hackersday.org

0 comments:

Post a comment