Privilege Escalation in Google Android - CVE-2016-3900
Published: October 5, 2016 / Updated: October 5, 2016
Vulnerability identifier: #VU742
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-3900
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Google
Affected software:
Google Android
Google Android
Detailed vulnerability description
The vulnerability allows a local application to obtain elevated privileges on the target system.
The vulnerability exists due to improper validation of user-supplied input by the ServiceManager of the affected software. By tricking the victim to follow a malicious link or open a malicious file attackers can gain elevated privileges and cause the application to perform arbitrary services known as privileged processes.
Successful exploitation of this vulnerability will result in privilege escalation on the vulnerable system.
How to mitigate CVE-2016-3900
Update to version 7.1.