CVE-2015-6618 - Bluetooth in Android 4.4 and 5.x before 5.1.1 LMY48Z allows user-assisted remote attackers to execut

CVE-2015-6618

Summary

Bluetooth in Android 4.4 and 5.x before 5.1.1 LMY48Z allows user-assisted remote attackers to execute arbitrary code by leveraging access to the local physical environment, aka internal bug 24595992.

References

http://source.android.com/security/bulletin/2015-12-01.html

Vulnerable Configurations

cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*
cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 09-12-2015 - 17:43)
Impact:
Exploitability:

CWE

CWE-254

CAPEC

Access

Vector	Complexity	Authentication
ADJACENT_NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:A/AC:H/Au:N/C:P/I:P/A:P

refmap via4

confirm

http://source.android.com/security/bulletin/2015-12-01.html

Last major update

09-12-2015 - 17:43

Published

08-12-2015 - 23:59

Last modified

09-12-2015 - 17:43