In setAllowOnlyVpnForUids of NetworkManagementService.java, there is a possible security settings bypass due to a missing permission check. This could lead to local escalation of privilege allowing users to access non-VPN networks, when they are supposed to be restricted to the VPN networks, with no additional execution privileges needed. User interaction is not needed for exploitation.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://source.android.com/security/bulletin/2018-05-01 |
History
Wed, 18 Dec 2024 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-862 | |
CPEs | cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:* cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:* cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:* cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:* cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:* |
Tue, 19 Nov 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Google
Google android |
|
Weaknesses | CWE-276 | |
CPEs | cpe:2.3:o:google:android:-:*:*:*:*:*:*:* | |
Vendors & Products |
Google
Google android |
|
Metrics |
cvssV3_1
|
Fri, 15 Nov 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In setAllowOnlyVpnForUids of NetworkManagementService.java, there is a possible security settings bypass due to a missing permission check. This could lead to local escalation of privilege allowing users to access non-VPN networks, when they are supposed to be restricted to the VPN networks, with no additional execution privileges needed. User interaction is not needed for exploitation. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: google_android
Published: 2024-11-15T21:57:39.845Z
Updated: 2024-11-19T16:05:33.399Z
Reserved: 2017-08-23T00:00:00.000Z
Link: CVE-2017-13314
Vulnrichment
Updated: 2024-11-19T16:05:22.250Z
NVD
Status : Analyzed
Published: 2024-11-15T22:15:14.440
Modified: 2024-12-18T14:36:21.610
Link: CVE-2017-13314
Redhat
No data.