Details of VAR-201804-0135

ID

VAR-201804-0135

CVE

CVE-2016-10234

TITLE

Android Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-013042

DESCRIPTION

An information disclosure vulnerability in the Qualcomm IPA driver. Product: Android. Versions: Android kernel. Android ID: A-34390017. References: QC-CR#1069060. This vulnerability Android ID: A-34390017 References: QC-CR#1069060 It is published asInformation may be obtained. GoogleNexus is a high-end mobile phone series powered by Google on the original Google system. An attacker could exploit this vulnerability to obtain potentially sensitive information that could lead to further attacks. Information obtained may aid in further attacks

Trust: 2.52

sources: NVD: CVE-2016-10234 // JVNDB: JVNDB-2017-013042 // CNVD: CNVD-2017-09915 // BID: 97365 // VULMON: CVE-2016-10234

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-09915

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	-	Trust: 1.6
vendor:	google	model:	android	scope:	eq	version:	0	Trust: 0.9
vendor:	google	model:	nexus 6p	scope:	-	version:	-	Trust: 0.9
vendor:	google	model:	nexus	scope:	eq	version:	5x	Trust: 0.9
vendor:	google	model:	pixel	scope:	eq	version:	0	Trust: 0.9
vendor:	google	model:	pixel xl	scope:	eq	version:	0	Trust: 0.9
vendor:	google	model:	android	scope:	-	version:	-	Trust: 0.8

sources: CNVD: CNVD-2017-09915 // BID: 97365 // JVNDB: JVNDB-2017-013042 // CNNVD: CNNVD-201703-205 // NVD: CVE-2016-10234

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-10234
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-10234
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-09915
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201703-205
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2016-10234
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-10234
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2017-09915
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2016-10234
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-09915 // VULMON: CVE-2016-10234 // JVNDB: JVNDB-2017-013042 // CNNVD: CNNVD-201703-205 // NVD: CVE-2016-10234

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2017-013042 // NVD: CVE-2016-10234

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-205

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201703-205

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-013042

PATCH

title:	Android のセキュリティに関する公開情報 - 2017 年 4 月	url:	https://source.android.com/security/bulletin/2017-04-01	Trust: 0.8
title:	GoogleNexusQualcommIPADriver Information Disclosure Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/95623	Trust: 0.6
title:	Android Security Bulletins: Android Security Bulletin—April 2017	url:	https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=025639006d2b3a5a3351c0120c1dcfe8	Trust: 0.1

sources: CNVD: CNVD-2017-09915 // VULMON: CVE-2016-10234 // JVNDB: JVNDB-2017-013042

EXTERNAL IDS

db:	NVD	id:	CVE-2016-10234	Trust: 3.4
db:	BID	id:	97365	Trust: 2.6
db:	SECTRACK	id:	1038201	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-013042	Trust: 0.8
db:	CNVD	id:	CNVD-2017-09915	Trust: 0.6
db:	CNNVD	id:	CNNVD-201703-205	Trust: 0.6
db:	VULMON	id:	CVE-2016-10234	Trust: 0.1

sources: CNVD: CNVD-2017-09915 // VULMON: CVE-2016-10234 // BID: 97365 // JVNDB: JVNDB-2017-013042 // CNNVD: CNNVD-201703-205 // NVD: CVE-2016-10234

REFERENCES

url:	http://www.securityfocus.com/bid/97365	Trust: 2.4
url:	https://source.android.com/security/bulletin/2017-04-01	Trust: 1.7
url:	http://www.securitytracker.com/id/1038201	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10234	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-10234	Trust: 0.8
url:	https://source.android.com/security/bulletin/2017-04-01.html	Trust: 0.4
url:	http://www.android.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2017-09915 // VULMON: CVE-2016-10234 // BID: 97365 // JVNDB: JVNDB-2017-013042 // CNNVD: CNNVD-201703-205 // NVD: CVE-2016-10234

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 97365

SOURCES

db:	CNVD	id:	CNVD-2017-09915
db:	VULMON	id:	CVE-2016-10234
db:	BID	id:	97365
db:	JVNDB	id:	JVNDB-2017-013042
db:	CNNVD	id:	CNNVD-201703-205
db:	NVD	id:	CVE-2016-10234

LAST UPDATE DATE

2024-08-14T12:06:59.367000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-09915	date:	2017-06-16T00:00:00
db:	VULMON	id:	CVE-2016-10234	date:	2018-05-04T00:00:00
db:	BID	id:	97365	date:	2017-04-04T16:38:00
db:	JVNDB	id:	JVNDB-2017-013042	date:	2018-05-23T00:00:00
db:	CNNVD	id:	CNNVD-201703-205	date:	2018-05-29T00:00:00
db:	NVD	id:	CVE-2016-10234	date:	2018-05-04T19:12:03.767

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-09915	date:	2017-06-16T00:00:00
db:	VULMON	id:	CVE-2016-10234	date:	2018-04-04T00:00:00
db:	BID	id:	97365	date:	2017-04-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-013042	date:	2018-05-23T00:00:00
db:	CNNVD	id:	CNNVD-201703-205	date:	2017-03-08T00:00:00
db:	NVD	id:	CVE-2016-10234	date:	2018-04-04T18:29:01.247