Vulnerability Details CVE-2017-18695
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. Attackers (who control a certain subdomain) can discover a user's credentials, during an email account login, via an EAS autodiscover packet. The Samsung ID is SVE-2016-7654 (January 2017).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.3%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 3.5
Products affected by CVE-2017-18695
-
cpe:2.3:o:google:android:4.4
-
cpe:2.3:o:google:android:5.0
-
cpe:2.3:o:google:android:5.1
-
cpe:2.3:o:google:android:6.0
-
cpe:2.3:o:google:android:7.0