1. Home
  2. CVE Database
  3. CVE-2013-3685
HIGH · 7.0

CVE-2013-3685

A Privilege Escalation Vulnerability exists in Sprite Software Spritebud 1.3.24 and 1.3.28 and Backup 2.5.4105 and 2.5.4108 on LG Android smartphones due to a race condition in the spritebud daemon, w...

Vulnerability Description

A Privilege Escalation Vulnerability exists in Sprite Software Spritebud 1.3.24 and 1.3.28 and Backup 2.5.4105 and 2.5.4108 on LG Android smartphones due to a race condition in the spritebud daemon, which could let a local malicious user obtain root privileges.

CVSS Score

7.0

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
SpritesoftwareSpritebackup2.5.4105
SpritesoftwareSpritebud1.3.24
LgE971-
LgE973-
LgE975-
LgE975K-
LgE975T-
LgE976-
LgE977-
LgF100K-
LgF100L-
LgF100S-
LgF120K-
LgF120L-
LgF120S-
LgF160K-
LgF160L-
LgF160Lv-
LgF160S-
LgF180K-

Related Weaknesses (CWE)

CWE-362

References

FAQ

What is CVE-2013-3685?

CVE-2013-3685 is a vulnerability with a CVSS score of 7.0 (HIGH). A Privilege Escalation Vulnerability exists in Sprite Software Spritebud 1.3.24 and 1.3.28 and Backup 2.5.4105 and 2.5.4108 on LG Android smartphones due to a race condition in the spritebud daemon, w...

How severe is CVE-2013-3685?

CVE-2013-3685 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-3685?

Check the references section above for vendor advisories and patch information. Affected products include: Spritesoftware Spritebackup, Spritesoftware Spritebud, Lg E971, Lg E973, Lg E975.