Vulnerability Details CVE-2017-13209
In the ServiceManager::add function in the hardware service manager, there is an insecure permissions check based on the PID of the caller which could allow an application or service to replace a HAL service with its own service. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-68217907.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.4%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
- http://www.securityfocus.com/bid/102415
- http://www.securitytracker.com/id/1040106
- https://source.android.com/security/bulletin/2018-01-01
- https://www.exploit-db.com/exploits/43513/
- http://www.securityfocus.com/bid/102415
- http://www.securitytracker.com/id/1040106
- https://source.android.com/security/bulletin/2018-01-01
- https://www.exploit-db.com/exploits/43513/