CVE-2016-6719
Last modified
CVE-2016-6719 is a vulnerability of currently unknown severity. An elevation of privilege vulnerability in the Bluetooth component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to pair with any Bluetooth device without user consent. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission.) Android ID: A-29043989.. EPSS estimates a 0.34% chance of exploitation in the next 30 days.
Description
An elevation of privilege vulnerability in the Bluetooth component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to pair with any Bluetooth device without user consent. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission.) Android ID: A-29043989.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Android | >= 4.0, < 4.4.4 | |
| Android | >= 5.0, < 5.0.2 | |
| Android | >= 5.1, < 5.1.1 | |
| Android | >= 6.0, <= 6.0.1 | |
| Android | 7.0 |
References
- http://www.securityfocus.com/bid/94179Third Party Advisory, VDB Entry
- https://source.android.com/security/bulletin/2016-11-01.htmlVendor Advisory
- http://www.securityfocus.com/bid/94179Third Party Advisory, VDB Entry
- https://source.android.com/security/bulletin/2016-11-01.htmlVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-6719?
How severe is CVE-2016-6719?
How do I fix CVE-2016-6719?
Are you affected by CVE-2016-6719?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST