CVE-2016-6709

EPSS 0.5%

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

25 Nov 2016Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

An information disclosure vulnerability in Conscrypt and BoringSSL in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a man-in-the-middle attacker to gain access to sensitive information if a non-standard cipher suite is used by an application. This issue is rated as High because it could be used to access data without permission. Android ID: A-31081987.

Affected products

Google Inc. · Android

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://source.android.com/security/bulletin/2016-11-01.html http://www.securityfocus.com/bid/94169