CVE-2017-17860

MEDIUM

Google Android - Improper Input Validation

Title source: rule
STIX 2.1

Description

In Samsung Gear products, Bluetooth link key is updated to the different key which is same with attacker's link key. It can be attacked without user's intention only if attacker can reveal the Bluetooth address of target device and paired user's smartphone

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://drive.google.com/open?id=0B5L-0MoH_v7fcGljUS1SYnlkOHM

Scores

CVSS v3 5.7
EPSS 0.0029
EPSS Percentile 20.5%
Attack Vector ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE
CWE-20
Status published
Products (1)
google/android
Published Jan 18, 2018
Tracked Since Feb 18, 2026