CVE-2017-0420

EPSS 0.7%

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

08 Feb 2017Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

An information disclosure vulnerability in AOSP Mail could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32615212.

Affected products

Google Inc. · Android

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://source.android.com/security/bulletin/2017-02-01.html http://www.securityfocus.com/bid/96093 http://www.securitytracker.com/id/1037798