cvelistv5 - cve-2016-8467

CVE-2016-8467 (GCVE-0-2016-8467)

Vulnerability from cvelistv5

Published

2017-01-13 16:00

Modified

2024-08-06 02:20

Severity ?

CWE

Elevation of privilege

Summary

References

URL

	Vendor	Product	Version
	Google Inc.	Android	Version: n/a

cnvd-2017-00240

Vulnerability from cnvd

Title

Google Nexus Mediaserver拒绝服务漏洞（CNVD-2017-00240）

Description

Google Nexus是基于Android操作系统的系列智能设备，包含有手机、平板电脑。 Google Nexus Mediaserver存在拒绝服务漏洞。远程攻击者可以利用漏洞导致设备挂起或重新启动，拒绝向合法用户提供服务。

Severity

中

Patch Name

Google Nexus Mediaserver拒绝服务漏洞（CNVD-2017-00240）的补丁

Patch Description

Google Nexus是基于Android操作系统的系列智能设备，包含有手机、平板电脑。 Google Nexus Mediaserver存在拒绝服务漏洞。远程攻击者可以利用漏洞导致设备挂起或重新启动，拒绝向合法用户提供服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://source.android.com/security/bulletin/2017-01-01.html

Reference

http://www.securityfocus.com/bid/95250

Impacted products

Name
['Google Nexus 6P', 'Cisco Nexus 6']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "95250"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-8467",
      "cveUrl": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8467"
    }
  },
  "description": "Google Nexus\u662f\u57fa\u4e8eAndroid\u64cd\u4f5c\u7cfb\u7edf\u7684\u7cfb\u5217\u667a\u80fd\u8bbe\u5907\uff0c\u5305\u542b\u6709\u624b\u673a\u3001\u5e73\u677f\u7535\u8111\u3002\r\n\r\nGoogle Nexus Mediaserver\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u5bfc\u81f4\u8bbe\u5907\u6302\u8d77\u6216\u91cd\u65b0\u542f\u52a8\uff0c\u62d2\u7edd\u5411\u5408\u6cd5\u7528\u6237\u63d0\u4f9b\u670d\u52a1\u3002",
  "discovererName": "Roee Hay and Michael Goberman of IBM Security X-Force",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://source.android.com/security/bulletin/2017-01-01.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-00240",
  "openTime": "2017-01-10",
  "patchDescription": "Google Nexus\u662f\u57fa\u4e8eAndroid\u64cd\u4f5c\u7cfb\u7edf\u7684\u7cfb\u5217\u667a\u80fd\u8bbe\u5907\uff0c\u5305\u542b\u6709\u624b\u673a\u3001\u5e73\u677f\u7535\u8111\u3002\r\n\r\nGoogle Nexus Mediaserver\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u5bfc\u81f4\u8bbe\u5907\u6302\u8d77\u6216\u91cd\u65b0\u542f\u52a8\uff0c\u62d2\u7edd\u5411\u5408\u6cd5\u7528\u6237\u63d0\u4f9b\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Google Nexus Mediaserver\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2017-00240\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Google Nexus  6P",
      "Cisco Nexus   6"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/95250",
  "serverity": "\u4e2d",
  "submitTime": "2017-01-06",
  "title": "Google Nexus Mediaserver\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2017-00240\uff09"
}

fkie_cve-2016-8467

Vulnerability from fkie_nvd

Published

2017-01-13 16:59

Modified

2025-04-20 01:37

Severity ?

5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
security@android.com	http://www.securityfocus.com/bid/95250
security@android.com	https://securityintelligence.com/android-vulnerabilities-attacking-nexus-6-and-6p-custom-boot-modes/
security@android.com	https://source.android.com/security/bulletin/2017-01-01.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/95250
af854a3a-2127-422b-91ae-364da2661108	https://securityintelligence.com/android-vulnerabilities-attacking-nexus-6-and-6p-custom-boot-modes/
af854a3a-2127-422b-91ae-364da2661108	https://source.android.com/security/bulletin/2017-01-01.html	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	google	android	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3138B760-5845-4B97-853D-083482BB61B4",
              "versionEndIncluding": "7.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated as High because it is a local permanent denial of service (device interoperability: completely permanent or requiring re-flashing the entire operating system). Product: Android. Versions: N/A. Android ID: A-30308784."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de elevaci\u00f3n de privilegios en el gestor de arranque podr\u00eda permitir a un atacante local ejecutar comandos de m\u00f3dem arbitrarios en el dispositivo. Este problema est\u00e1 clasificado como High porque es una denegaci\u00f3n de servicio local permanente (interoperabilidad del dispositivo: completamente permanente o requiere reflashear todo el sistema operativo). Producto: Android. Versiones: N/A. Android ID: A-30308784."
    }
  ],
  "id": "CVE-2016-8467",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 4.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-01-13T16:59:00.590",
  "references": [
    {
      "source": "security@android.com",
      "url": "http://www.securityfocus.com/bid/95250"
    },
    {
      "source": "security@android.com",
      "url": "https://securityintelligence.com/android-vulnerabilities-attacking-nexus-6-and-6p-custom-boot-modes/"
    },
    {
      "source": "security@android.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://source.android.com/security/bulletin/2017-01-01.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/95250"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://securityintelligence.com/android-vulnerabilities-attacking-nexus-6-and-6p-custom-boot-modes/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://source.android.com/security/bulletin/2017-01-01.html"
    }
  ],
  "sourceIdentifier": "security@android.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2016-8467

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2016-8467

Aliases

CVE-2016-8467

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-8467",
    "description": "An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated as High because it is a local permanent denial of service (device interoperability: completely permanent or requiring re-flashing the entire operating system). Product: Android. Versions: N/A. Android ID: A-30308784.",
    "id": "GSD-2016-8467"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-8467"
      ],
      "details": "An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated as High because it is a local permanent denial of service (device interoperability: completely permanent or requiring re-flashing the entire operating system). Product: Android. Versions: N/A. Android ID: A-30308784.",
      "id": "GSD-2016-8467",
      "modified": "2023-12-13T01:21:22.086952Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@android.com",
        "ID": "CVE-2016-8467",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Android",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Google Inc."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated as High because it is a local permanent denial of service (device interoperability: completely permanent or requiring re-flashing the entire operating system). Product: Android. Versions: N/A. Android ID: A-30308784."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Elevation of privilege"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://source.android.com/security/bulletin/2017-01-01.html",
            "refsource": "CONFIRM",
            "url": "https://source.android.com/security/bulletin/2017-01-01.html"
          },
          {
            "name": "95250",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/95250"
          },
          {
            "name": "https://securityintelligence.com/android-vulnerabilities-attacking-nexus-6-and-6p-custom-boot-modes/",
            "refsource": "MISC",
            "url": "https://securityintelligence.com/android-vulnerabilities-attacking-nexus-6-and-6p-custom-boot-modes/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@android.com",
          "ID": "CVE-2016-8467"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated as High because it is a local permanent denial of service (device interoperability: completely permanent or requiring re-flashing the entire operating system). Product: Android. Versions: N/A. Android ID: A-30308784."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://source.android.com/security/bulletin/2017-01-01.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://source.android.com/security/bulletin/2017-01-01.html"
            },
            {
              "name": "https://securityintelligence.com/android-vulnerabilities-attacking-nexus-6-and-6p-custom-boot-modes/",
              "refsource": "MISC",
              "tags": [],
              "url": "https://securityintelligence.com/android-vulnerabilities-attacking-nexus-6-and-6p-custom-boot-modes/"
            },
            {
              "name": "95250",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/95250"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 4.9,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2017-01-18T02:59Z",
      "publishedDate": "2017-01-13T16:59Z"
    }
  }
}

An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated as High because it is a local permanent denial of service (device interoperability: completely permanent or requiring re-flashing the entire operating system). Product: Android. Versions: N/A. Android ID: A-30308784. The boot loader contains a vulnerability that allows elevation of privilege. GoogleNexus is a series of smart devices based on the Android operating system, including mobile phones and tablets. A denial of service vulnerability exists in GoogleNexusMediaserver. A remote attacker can exploit a vulnerability to cause a device to hang or restart, refusing to provide services to legitimate users. Google Nexus is prone to denial-of-service vulnerability. Nexus 6 and Nexus 6P are vulnerable

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201701-0138",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "android",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "google",
        "version": "7.1.0"
      },
      {
        "model": "nexus 6p",
        "scope": null,
        "trust": 0.9,
        "vendor": "google",
        "version": null
      },
      {
        "model": "android",
        "scope": null,
        "trust": 0.8,
        "vendor": "google",
        "version": null
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "6"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "google",
        "version": "7.1.0"
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-00240"
      },
      {
        "db": "BID",
        "id": "95250"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006866"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-022"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8467"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:google:android",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006866"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Roee Hay and Michael Goberman of IBM Security X-Force.",
    "sources": [
      {
        "db": "BID",
        "id": "95250"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-022"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2016-8467",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 4.9,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2016-8467",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-00240",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.8,
            "id": "CVE-2016-8467",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-8467",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-8467",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-00240",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201701-022",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-8467",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-00240"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-8467"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006866"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-022"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8467"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated as High because it is a local permanent denial of service (device interoperability: completely permanent or requiring re-flashing the entire operating system). Product: Android. Versions: N/A. Android ID: A-30308784. The boot loader contains a vulnerability that allows elevation of privilege. GoogleNexus is a series of smart devices based on the Android operating system, including mobile phones and tablets. A denial of service vulnerability exists in GoogleNexusMediaserver. A remote attacker can exploit a vulnerability to cause a device to hang or restart, refusing to provide services to legitimate users. Google Nexus is prone to denial-of-service vulnerability. \nNexus 6 and Nexus 6P are vulnerable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-8467"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006866"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-00240"
      },
      {
        "db": "BID",
        "id": "95250"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-8467"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-8467",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "95250",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006866",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-00240",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-022",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-8467",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-00240"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-8467"
      },
      {
        "db": "BID",
        "id": "95250"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006866"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-022"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8467"
      }
    ]
  },
  "id": "VAR-201701-0138",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-00240"
      }
    ],
    "trust": 1.197479
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-00240"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:22:41.695000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Android Security Bulletin-January 2017",
        "trust": 0.8,
        "url": "https://source.android.com/security/bulletin/2017-01-01.html"
      },
      {
        "title": "Patch for GoogleNexusMediaserver Denial of Service Vulnerability (CNVD-2017-00240)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/87776"
      },
      {
        "title": "Google Nexus Mediaserver Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66766"
      },
      {
        "title": "Android Security Bulletins: Android Security Bulletin\u2014January 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=e8654f311f23268a7da69416ca7535a2"
      },
      {
        "title": "bootmodechecker",
        "trust": 0.1,
        "url": "https://github.com/roeeh/bootmodechecker "
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/motorola-moto-g4-g5-vulnerable-to-local-root-shell-attacks/126155/"
      },
      {
        "title": "The Register",
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2017/01/09/google_caps_punchyourselfintheface_malicious_charger_hack/"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/google-patches-android-custom-boot-mode-vulnerability/122918/"
      },
      {
        "title": "BleepingComputer",
        "trust": 0.1,
        "url": "https://www.bleepingcomputer.com/news/mobile/google-patches-security-holes-in-android-bootloader-for-nexus-devices/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-00240"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-8467"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006866"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-022"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006866"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8467"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/95250"
      },
      {
        "trust": 1.9,
        "url": "https://securityintelligence.com/android-vulnerabilities-attacking-nexus-6-and-6p-custom-boot-modes/"
      },
      {
        "trust": 1.8,
        "url": "https://source.android.com/security/bulletin/2017-01-01.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8467"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8467"
      },
      {
        "trust": 0.3,
        "url": "http://code.google.com/android/"
      },
      {
        "trust": 0.3,
        "url": "http://www.google.com/nexus/"
      },
      {
        "trust": 0.3,
        "url": "https://source.android.com/security/bulletin/2017-01-01.html "
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/264.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/roeeh/bootmodechecker"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-00240"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-8467"
      },
      {
        "db": "BID",
        "id": "95250"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006866"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-022"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8467"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-00240"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-8467"
      },
      {
        "db": "BID",
        "id": "95250"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006866"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-022"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8467"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-01-10T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-00240"
      },
      {
        "date": "2017-01-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-8467"
      },
      {
        "date": "2016-06-29T00:00:00",
        "db": "BID",
        "id": "95250"
      },
      {
        "date": "2017-01-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-006866"
      },
      {
        "date": "2016-06-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201701-022"
      },
      {
        "date": "2017-01-13T16:59:00.590000",
        "db": "NVD",
        "id": "CVE-2016-8467"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-01-10T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-00240"
      },
      {
        "date": "2017-01-18T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-8467"
      },
      {
        "date": "2017-01-12T04:11:00",
        "db": "BID",
        "id": "95250"
      },
      {
        "date": "2017-01-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-006866"
      },
      {
        "date": "2017-01-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201701-022"
      },
      {
        "date": "2024-11-21T02:59:26.020000",
        "db": "NVD",
        "id": "CVE-2016-8467"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-022"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Elevated privilege vulnerability in boot loader",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006866"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-022"
      }
    ],
    "trust": 0.6
  }
}

CERTFR-2017-AVI-002

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Google Android (Nexus). Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Google Android (Nexus) toutes versions n'intégrant pas le correctif de sécurité de janvier 2017

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

ghsa-mrqg-m8w4-cprx

Vulnerability from github

Published

2022-05-17 03:04

Modified

2025-04-20 03:31

Severity ?

5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-8467"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-01-13T16:59:00Z",
    "severity": "MODERATE"
  },
  "details": "An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated as High because it is a local permanent denial of service (device interoperability: completely permanent or requiring re-flashing the entire operating system). Product: Android. Versions: N/A. Android ID: A-30308784.",
  "id": "GHSA-mrqg-m8w4-cprx",
  "modified": "2025-04-20T03:31:11Z",
  "published": "2022-05-17T03:04:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8467"
    },
    {
      "type": "WEB",
      "url": "https://securityintelligence.com/android-vulnerabilities-attacking-nexus-6-and-6p-custom-boot-modes"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2017-01-01.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95250"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2016-8467 (GCVE-0-2016-8467)

Vulnerability from cvelistv5

cnvd-2017-00240

Vulnerability from cnvd

fkie_cve-2016-8467

Vulnerability from fkie_nvd

gsd-2016-8467

Vulnerability from gsd

var-201701-0138

Vulnerability from variot

CERTFR-2017-AVI-002

Vulnerability from certfr_avis

Solution

ghsa-mrqg-m8w4-cprx

Vulnerability from github

Tags

Sightings

Nomenclature