Vulnerability Description
internal/telephony/SMSDispatcher.java in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism, and send premium SMS messages during the Setup Wizard provisioning stage, via unspecified vectors, aka internal bug 29420123.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | 4.0 |
Related Weaknesses (CWE)
References
- http://source.android.com/security/bulletin/2016-09-01.htmlVendor Advisory
- http://www.securityfocus.com/bid/92857
- http://www.securitytracker.com/id/1036763
- https://android.googlesource.com/platform/frameworks/opt/telephony/+/b8d1aee993dIssue TrackingPatch
- http://source.android.com/security/bulletin/2016-09-01.htmlVendor Advisory
- http://www.securityfocus.com/bid/92857
- http://www.securitytracker.com/id/1036763
- https://android.googlesource.com/platform/frameworks/opt/telephony/+/b8d1aee993dIssue TrackingPatch
FAQ
What is CVE-2016-3888?
CVE-2016-3888 is a vulnerability with a CVSS score of 2.1 (LOW). internal/telephony/SMSDispatcher.java in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows physically proximate attackers to byp...
How severe is CVE-2016-3888?
CVE-2016-3888 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-3888?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android.