ID

VAR-201804-0135


CVE

CVE-2016-10234


TITLE

Android Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-013042

DESCRIPTION

An information disclosure vulnerability in the Qualcomm IPA driver. Product: Android. Versions: Android kernel. Android ID: A-34390017. References: QC-CR#1069060. This vulnerability Android ID: A-34390017 References: QC-CR#1069060 It is published asInformation may be obtained. GoogleNexus is a high-end mobile phone series powered by Google on the original Google system. An attacker could exploit this vulnerability to obtain potentially sensitive information that could lead to further attacks. Information obtained may aid in further attacks

Trust: 2.52

sources: NVD: CVE-2016-10234 // JVNDB: JVNDB-2017-013042 // CNVD: CNVD-2017-09915 // BID: 97365 // VULMON: CVE-2016-10234

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-09915

AFFECTED PRODUCTS

vendor:googlemodel:androidscope:eqversion: -

Trust: 1.6

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.9

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.9

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.9

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.9

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.9

vendor:googlemodel:androidscope: - version: -

Trust: 0.8

sources: CNVD: CNVD-2017-09915 // BID: 97365 // JVNDB: JVNDB-2017-013042 // CNNVD: CNNVD-201703-205 // NVD: CVE-2016-10234

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-10234
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-10234
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-09915
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201703-205
value: MEDIUM

Trust: 0.6

VULMON: CVE-2016-10234
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-10234
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-09915
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2016-10234
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-09915 // VULMON: CVE-2016-10234 // JVNDB: JVNDB-2017-013042 // CNNVD: CNNVD-201703-205 // NVD: CVE-2016-10234

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2017-013042 // NVD: CVE-2016-10234

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-205

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201703-205

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-013042

PATCH

title:Android のセキュリティに関する公開情報 - 2017 年 4 月url:https://source.android.com/security/bulletin/2017-04-01

Trust: 0.8

title:GoogleNexusQualcommIPADriver Information Disclosure Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/95623

Trust: 0.6

title:Android Security Bulletins: Android Security Bulletin—April 2017url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=025639006d2b3a5a3351c0120c1dcfe8

Trust: 0.1

sources: CNVD: CNVD-2017-09915 // VULMON: CVE-2016-10234 // JVNDB: JVNDB-2017-013042

EXTERNAL IDS

db:NVDid:CVE-2016-10234

Trust: 3.4

db:BIDid:97365

Trust: 2.6

db:SECTRACKid:1038201

Trust: 1.7

db:JVNDBid:JVNDB-2017-013042

Trust: 0.8

db:CNVDid:CNVD-2017-09915

Trust: 0.6

db:CNNVDid:CNNVD-201703-205

Trust: 0.6

db:VULMONid:CVE-2016-10234

Trust: 0.1

sources: CNVD: CNVD-2017-09915 // VULMON: CVE-2016-10234 // BID: 97365 // JVNDB: JVNDB-2017-013042 // CNNVD: CNNVD-201703-205 // NVD: CVE-2016-10234

REFERENCES

url:http://www.securityfocus.com/bid/97365

Trust: 2.4

url:https://source.android.com/security/bulletin/2017-04-01

Trust: 1.7

url:http://www.securitytracker.com/id/1038201

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10234

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2016-10234

Trust: 0.8

url:https://source.android.com/security/bulletin/2017-04-01.html

Trust: 0.4

url:http://www.android.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2017-09915 // VULMON: CVE-2016-10234 // BID: 97365 // JVNDB: JVNDB-2017-013042 // CNNVD: CNNVD-201703-205 // NVD: CVE-2016-10234

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 97365

SOURCES

db:CNVDid:CNVD-2017-09915
db:VULMONid:CVE-2016-10234
db:BIDid:97365
db:JVNDBid:JVNDB-2017-013042
db:CNNVDid:CNNVD-201703-205
db:NVDid:CVE-2016-10234

LAST UPDATE DATE

2024-08-14T12:06:59.367000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-09915date:2017-06-16T00:00:00
db:VULMONid:CVE-2016-10234date:2018-05-04T00:00:00
db:BIDid:97365date:2017-04-04T16:38:00
db:JVNDBid:JVNDB-2017-013042date:2018-05-23T00:00:00
db:CNNVDid:CNNVD-201703-205date:2018-05-29T00:00:00
db:NVDid:CVE-2016-10234date:2018-05-04T19:12:03.767

SOURCES RELEASE DATE

db:CNVDid:CNVD-2017-09915date:2017-06-16T00:00:00
db:VULMONid:CVE-2016-10234date:2018-04-04T00:00:00
db:BIDid:97365date:2017-04-03T00:00:00
db:JVNDBid:JVNDB-2017-013042date:2018-05-23T00:00:00
db:CNNVDid:CNNVD-201703-205date:2017-03-08T00:00:00
db:NVDid:CVE-2016-10234date:2018-04-04T18:29:01.247