CVE-2016-6771

An elevation of privilege vulnerability in Telephony could enable a local malicious application to access system functions beyond its access level. This issue is rated as Moderate because it is a local bypass of restrictions on a constrained process. Product: Android. Versions: 6.0, 6.0.1, 7.0. Android ID: A-31566390.

• CVE ID
• CVE-2016-6771

• Assigner
• security@android.com

• Vulnerability Status
• Modified

• Published Version
• 2017-01-12T15:59:00

• Last Modified Date
• 2017-01-18T02:59:09

• Version
• 2.0

• Vector String
• AV:N/AC:M/Au:N/C:P/I:P/A:P

• Access Vector
• NETWORK

• Access Compatibility
• MEDIUM

• Authentication
• NONE

• Confidentiality Impact
• PARTIAL

• Integrity Impact
• PARTIAL

• Availability Impact
• PARTIAL

• Base Score
• 6.8

• Severity
• MEDIUM

• Exploitability Score
• 8.6

• Impact Score
• 6.4

• Version
• 3.0

• Vector String
• CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

• Attack Vector
• LOCAL

• Attack Compatibility
• LOW

• Privileges Required
• NONE

• User Interaction
• REQUIRED

• Scope
• UNCHANGED

• Confidentiality Impact
• LOW

• Availability Impact
• LOW

• Base Score
• 5.3

• Base Severity
• MEDIUM

• Exploitability Score
• 1.8

• Impact Score
• 3.4