Search for vulnerabilities
Vulnerability details: VCID-5k45-3h36-aaae
Vulnerability ID VCID-5k45-3h36-aaae
Aliases CVE-2016-0831
Summary The getDeviceIdForPhone function in internal/telephony/PhoneSubInfoController.java in Telephony in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not check for the READ_PHONE_STATE permission, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 25778215.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-0831.html
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2016-0831
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0831
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2016-0831
cvssv3 5.5 https://nvd.nist.gov/vuln/detail/CVE-2016-0831
generic_textual High http://source.android.com/security/bulletin/2016-03-01.html
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-0831.html
https://android.googlesource.com/platform/frameworks/opt/telephony/+/79eecef63f3ea99688333c19e22813f54d4a31b1
https://android.googlesource.com/platform/frameworks/opt/telephony/commit/79eecef63f3ea99688333c19e22813f54d4a31b1
https://api.first.org/data/v1/epss?cve=CVE-2016-0831
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0831
http://source.android.com/security/bulletin/2016-03-01.html
http://www.securityfocus.com/bid/84266
cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*
cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
CVE-2016-0831 https://nvd.nist.gov/vuln/detail/CVE-2016-0831
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2016-0831
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2016-0831
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.34194
EPSS Score 0.00077
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.