Vulnerability Description
Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism by accessing (1) an external tile from a system application, (2) the help feature, or (3) the Settings application during a pre-setup stage, aka internal bug 29194585.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Google | Android | 6.0 |
Related Weaknesses (CWE)
References
- http://source.android.com/security/bulletin/2016-09-01.html (Vendor Advisory)
- http://www.securityfocus.com/bid/92854
- http://www.securitytracker.com/id/1036763
- https://android.googlesource.com/platform/frameworks/base/+/e206f02d46ae5e38c74d (Issue Tracking, Patch)
- https://android.googlesource.com/platform/packages/apps/Settings/+/bd5d5176c7402 (Issue Tracking, Patch)
FAQ
What is CVE-2016-3889?
CVE-2016-3889 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism by accessing (1) an external tile from a syste...
How severe is CVE-2016-3889?
CVE-2016-3889 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2016-3889?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android.