CVE-2017-12816 — CRITICAL (9.8)

Vulnerability Description

In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Kaspersky	Internet Security	11.12.4.1622

Related Weaknesses (CWE)

CWE-732

References

http://www.securityfocus.com/bid/100505Third Party AdvisoryVDB Entry
https://support.kaspersky.com/vulnerability.aspx?el=12430#090817Vendor Advisory
http://www.securityfocus.com/bid/100505Third Party AdvisoryVDB Entry
https://support.kaspersky.com/vulnerability.aspx?el=12430#090817Vendor Advisory

FAQ

What is CVE-2017-12816?

CVE-2017-12816 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the pr...

How severe is CVE-2017-12816?

CVE-2017-12816 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2017-12816?

Check the references section above for vendor advisories and patch information. Affected products include: Kaspersky Internet Security.