CVE-2017-11042 - In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li

CVE-2017-11042

Summary

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, ImsService and the IQtiImsExt AIDL APIs are not subject to access control.

References

https://source.android.com/security/bulletin/pixel/2017-12-01

Vulnerable Configurations

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

CWE-862

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

refmap via4

confirm

https://source.android.com/security/bulletin/pixel/2017-12-01

Last major update

03-10-2019 - 00:03

Published

05-12-2017 - 17:29

Last modified

03-10-2019 - 00:03