{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58626?format=json","vulnerability_id":"VCID-2ac7-2pc7-vqdf","summary":"An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847.","aliases":[{"alias":"CVE-2017-13156"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87996?format=json","purl":"pkg:deb/debian/android-platform-system-core@0?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/android-platform-system-core@0%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/87992?format=json","purl":"pkg:deb/debian/android-platform-system-core@1:10.0.0%2Br36-7?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/android-platform-system-core@1:10.0.0%252Br36-7%3Fdistro=bullseye"}],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-13156","reference_id":"","reference_type":"","scores":[{"value":"0.6306","scoring_system":"epss","scoring_elements":"0.98415","published_at":"2026-06-04T12:55:00Z"},{"value":"0.6306","scoring_system":"epss","scoring_elements":"0.98418","published_at":"2026-06-05T12:55:00Z"},{"value":"0.6306","scoring_system":"epss","scoring_elements":"0.9842","published_at":"2026-06-06T12:55:00Z"},{"value":"0.6306","scoring_system":"epss","scoring_elements":"0.98419","published_at":"2026-06-08T12:55:00Z"},{"value":"0.6306","scoring_system":"epss","scoring_elements":"0.98417","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-13156"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/android/local/47601.rb","reference_id":"CVE-2017-13156","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/android/local/47601.rb"},{"reference_url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/android/local/janus.rb","reference_id":"CVE-2017-13156","reference_type":"exploit","scores":[],"url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/android/local/janus.rb"}],"weaknesses":[],"exploits":[{"date_added":null,"description":"This module exploits CVE-2017-13156 in Android to install a payload into another\n            application. The payload APK will have the same signature and can be installed\n            as an update, preserving the existing data.\n            The vulnerability was fixed in the 5th December 2017 security patch, and was\n            additionally fixed by the APK Signature scheme v2, so only APKs signed with\n            the v1 scheme are vulnerable.\n            Payload handler is disabled, and a multi/handler must be started first.","required_action":null,"due_date":null,"notes":"SideEffects:\n  - artifacts-on-disk\n  - screen-effects\nReliability: []\nStability:\n  - service-resource-loss\n","known_ransomware_campaign_use":false,"source_date_published":"2017-07-31","exploit_type":null,"platform":"Android","source_date_updated":null,"data_source":"Metasploit","source_url":"https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/android/local/janus.rb"},{"date_added":"2019-11-08","description":"Android Janus - APK Signature Bypass (Metasploit)","required_action":null,"due_date":null,"notes":null,"known_ransomware_campaign_use":true,"source_date_published":"2019-11-08","exploit_type":"local","platform":"android","source_date_updated":"2019-11-08","data_source":"Exploit-DB","source_url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/android/local/janus.rb"}],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2ac7-2pc7-vqdf"}