Vulnerability Details CVE-2016-3908
The Lock Settings Service in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows attackers to remove a device's PIN or password, and consequently gain privileges, via a crafted application, aka internal bug 30003944.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.4%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
References
- http://source.android.com/security/bulletin/2016-10-01.html
- http://www.securityfocus.com/bid/93290
- https://android.googlesource.com/platform/frameworks/base/+/96daf7d4893f614714761af2d53dfb93214a32e4
- http://source.android.com/security/bulletin/2016-10-01.html
- http://www.securityfocus.com/bid/93290
- https://android.googlesource.com/platform/frameworks/base/+/96daf7d4893f614714761af2d53dfb93214a32e4