CVE-2013-6770

Name: CVE-2013-6770
Creator: NVD / NIST
Published: 2014-03-31T14:58:57.79+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.66%

Last modified Jun 17, 2026

CVE-2013-6770 is a vulnerability of currently unknown severity. The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by leveraging ADB shell access and a certain Linux UID, and then creating a Trojan horse script.. EPSS estimates a 0.66% chance of exploitation in the next 30 days.

Description

The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by leveraging ADB shell access and a certain Linux UID, and then creating a Trojan horse script.

Metrics

EPSS Probability

0.66%

46.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-264

Affected Software

Vendor	Product	Versions
Koushik Dutta	Superuser	1.0.2.1
Google	Android	4.4

References

Timeline

Published: Mar 31, 2014
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2013-6770?

How severe is CVE-2013-6770?

Severity scoring for CVE-2013-6770 is pending analysis. The EPSS model estimates a 0.66% probability of exploitation in the next 30 days.

How do I fix CVE-2013-6770?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2013-6770?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST