CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2016-6709

An information disclosure vulnerability in Conscrypt and BoringSSL in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a man-in-the-middle attacker to gain access to sensitive information if a non-standard cipher suite is used by an application. This issue is rated as High because it could be used to access data without permission. Android ID: A-31081987.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 32.3%

CVSS Severity

CVSS v3 Score 5.9

CVSS v2 Score 4.3

References

http://www.securityfocus.com/bid/94169
https://source.android.com/security/bulletin/2016-11-01.html
http://www.securityfocus.com/bid/94169
https://source.android.com/security/bulletin/2016-11-01.html

Products affected by CVE-2016-6709

Google » Android » Version: 6.0

cpe:2.3:o:google:android:6.0
Google » Android » Version: 6.0.1

cpe:2.3:o:google:android:6.0.1
Google » Android » Version: 7.0

cpe:2.3:o:google:android:7.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-6709

Products

Pricing

Contact Us