CVE-2016-0832

Setup Wizard in Android 5.1.x before LMY49H and 6.x before 2016-03-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25955042.

CVSS v3 6.1 MEDIUM
CVSS v2.0 6.6 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector : AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Exploitability : 0.9 / Impact : 5.2

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:N/I:C/A:C

Exploitability : 3.9 / Impact : 9.2

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://source.android.com/security/bulletin/2016-03-01.html	Vendor Advisory
http://www.securityfocus.com/bid/84264
http://source.android.com/security/bulletin/2016-03-01.html	Vendor Advisory
http://www.securityfocus.com/bid/84264

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:google:android:5.0:::::::*
	cpe:2.3:o:google:android:5.0.1:::::::*
	cpe:2.3:o:google:android:5.0.2:::::::*
	cpe:2.3:o:google:android:5.1:::::::*
	cpe:2.3:o:google:android:5.1.0:::::::*
	cpe:2.3:o:google:android:5.1.1:::::::*
	cpe:2.3:o:google:android:6.0:::::::*
	cpe:2.3:o:google:android:6.0.1:::::::*

History

21 Nov 2024, 02:42

Type	Values Removed	Values Added
References	~~() http://source.android.com/security/bulletin/2016-03-01.html - Vendor Advisory~~	() http://source.android.com/security/bulletin/2016-03-01.html - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/84264 -~~	() http://www.securityfocus.com/bid/84264 -

Information

Published : 2016-03-12 21:59

Updated : 2025-04-12 10:46

NVD link : CVE-2016-0832

Mitre link : CVE-2016-0832

CVE.ORG link : CVE-2016-0832

JSON object : View

Products Affected

google

android

CWE

CWE-254

7PK - Security Features

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2016-0832", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 9.2, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 0.9}]}, "published": "2016-03-12T21:59:16.837", "references": [{"url": "http://source.android.com/security/bulletin/2016-03-01.html", "tags": ["Vendor Advisory"], "source": "security@android.com"}, {"url": "http://www.securityfocus.com/bid/84264", "source": "security@android.com"}, {"url": "http://source.android.com/security/bulletin/2016-03-01.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/84264", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-254"}, {"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Setup Wizard in Android 5.1.x before LMY49H and 6.x before 2016-03-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25955042."}, {"lang": "es", "value": "Setup Wizard en Android 5.1.x en versiones anteriores a LMY49H y 6.x en versiones anteriores a 2016-03-01 permite a atacantes f\u00edsicamente pr\u00f3ximos eludir el mecanismo de protecci\u00f3n Factory Reset Protection y borrar datos a trav\u00e9s de vectores no especificados, tambi\u00e9n conocida como error interno 25955042."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C4E6353-B77A-464F-B7DE-932704003B33"}, {"criteria": "cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77125688-2CCA-4990-ABB2-551D47CB0CDD"}, {"criteria": "cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9915371-C730-41F7-B86E-7E4DE0DF5385"}, {"criteria": "cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7A8EC00-266C-409B-AD43-18E8DFCD6FE3"}, {"criteria": "cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B846C63A-7261-481E-B4A4-0D8C79E0D8A7"}, {"criteria": "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1D94CDD-DE7B-444E-A3AE-AE9C9A779374"}, {"criteria": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E70C6D8D-C9C3-4D92-8DFC-71F59E068295"}, {"criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807"}], "operator": "OR"}]}], "sourceIdentifier": "security@android.com"}