CVE-2017-5625 - In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bo

CVE-2017-5625

Summary

In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition (except 'keystore') by issuing the 'fastboot oem dump <partition>' fastboot command.

References

https://alephsecurity.com/vulns/aleph-2017006

Vulnerable Configurations

cpe:2.3:o:oneplus:oxygenos:4.0.2:*:*:*:*:*:*:*
cpe:2.3:o:oneplus:oxygenos:4.0.2:*:*:*:*:*:*:*
cpe:2.3:h:oneplus:oneplus_3:-:*:*:*:*:*:*:*
cpe:2.3:h:oneplus:oneplus_3:-:*:*:*:*:*:*:*
cpe:2.3:h:oneplus:oneplus_3t:-:*:*:*:*:*:*:*
cpe:2.3:h:oneplus:oneplus_3t:-:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 05-05-2017 - 17:37)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:N/A:N

refmap via4

misc

https://alephsecurity.com/vulns/aleph-2017006

Last major update

05-05-2017 - 17:37

Published

25-04-2017 - 16:59

Last modified

05-05-2017 - 17:37