CVE-2017-0645

MEDIUM

Android <7.1.2 - Privilege Escalation

Title source: llm

Description

An elevation of privilege vulnerability in Bluetooth could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it is a local bypass of user interaction requirements. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35385327.

Exploits (1)

github WORKING POC 5 stars

by heeeeen · javapoc

https://github.com/heeeeen/CVE-PoC/tree/master/CVE-2017-0645

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/98871

[Vendor Advisory] https://source.android.com/security/bulletin/2017-06-01

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1038623

Scores

CVSS v3 5.5

EPSS 0.0009

EPSS Percentile 25.9%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (5)

google/android 6.0.1

google/android 7.0

google/android 7.1.1

google/android 7.1.2

Google Inc./Android Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2

Published Jun 14, 2017

Tracked Since Feb 18, 2026