CVE-2016-8398 - Unauthenticated messages processed by the UE. Certain NAS messages are processed when no EPS securit

CVE-2016-8398

Summary

Unauthenticated messages processed by the UE. Certain NAS messages are processed when no EPS security context exists in the UE. Product: Android. Versions: Kernel 3.18. Android ID: A-31548486. References: QC-CR#877705.

References

http://www.securityfocus.com/bid/95227
https://source.android.com/security/bulletin/2017-01-01.html

Vulnerable Configurations

cpe:2.3:o:linux:linux_kernel:3.18:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.18:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 18-01-2017 - 02:59)
Impact:
Exploitability:

CWE

CWE-254

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	95227
confirm	https://source.android.com/security/bulletin/2017-01-01.html

Last major update

18-01-2017 - 02:59

Published

12-01-2017 - 20:59

Last modified

18-01-2017 - 02:59