NVD

Id
81653  
Name
CVE-2017-5554  
Description
An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. The attacker can reboot the device into the fastboot mode, which could be done without any authentication. A physical attacker can press the Volume Up button during device boot, where an attacker with ADB access can issue the adb reboot bootloader command. Then, the attacker can put the platform's SELinux in permissive mode, which severely weakens it, by issuing: fastboot oem selinux permissive.  
Reject
 
CVSS Version
2  
CVSS Score
9.3  
Severity
High  
CVSS Base Score
9.3  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:C/I:C/A:C)  
Pub Date
2017-02-07  
Published
2017-01-23  
Modified Date
2017-01-26  
Seq
2017-5554  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
404778 81653 CVE-2017-3433 http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html  View
404779 81653 CVE-2017-3433 95569  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
64975 JVNDB-2017-001361 OnePlus 3 および 3T の OxygenOS の ABOOT における認証なしで fastboot モードでデバイスをリブートされる脆弱性 OnePlus 3 および 3T の OxygenOS の ABOOT には、認証なしで fastboot モードでデバイスをリブートされる脆弱性が存在します。 CVE-2017-5554 CVE-2017-5554 81653 9.3 8.1 http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-001361.html 2017-01-11 2017-02-06 View