CVE-2017-18646

MEDIUM

Android M(6.x) and N(7.x) - Unauthenticated User Switching Bypass via Magnetic Cover

Title source: llm
STIX 2.1

Description

An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. An attacker can bypass the password requirement for tablet user switching by folding the magnetic cover. The Samsung ID is SVE-2017-10602 (December 2017).

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://security.samsungmobile.com/securityUpdate.smsb

Scores

CVSS v3 4.6
EPSS 0.0013
EPSS Percentile 2.9%
Attack Vector PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-287
Status published
Products (6)
google/android 6.0
google/android 6.0.1
google/android 7.0
google/android 7.1.0
google/android 7.1.1
google/android 7.1.2
Published Apr 08, 2020
Tracked Since Feb 18, 2026