CVE-2015-7946

HIGH

Unity8 - Unauthenticated Information Exposure via Emergency Dialer

Title source: llm
STIX 2.1

Description

Information Exposure vulnerability in Unity8 as used on the Ubuntu phone and possibly also in Unity8 shipped elsewhere. This allows an attacker to enable the MTP service by opening the emergency dialer. Fixed in 8.11+16.04.20160111.1-0ubuntu1 and 8.11+15.04.20160122-0ubuntu1.

References (1)

Core 1
Core References
Third Party Advisory x_refsource_confirm
https://launchpad.net/bugs/1525981

Scores

CVSS v3 7.3
EPSS 0.0037
EPSS Percentile 28.7%
Attack Vector PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Details

CWE
CWE-200
Status published
Products (1)
ubports/unity8
Published May 07, 2020
Tracked Since Feb 18, 2026