CVE-2017-5623
Last modified
CVE-2017-5623 is a vulnerability of currently unknown severity. An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem boot_mode {rf/wlan/ftm/normal} command' in contradiction to the threat model of Android where the bootloader MUST NOT allow any security-sensitive operation to be run unless the bootloader is unlocked.. EPSS estimates a 0.37% chance of exploitation in the next 30 days.
Description
An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem boot_mode {rf/wlan/ftm/normal} command' in contradiction to the threat model of Android where the bootloader MUST NOT allow any security-sensitive operation to be run unless the bootloader is unlocked.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Oneplus | Oxygenos | <= 4.0.3 |
References
- https://alephsecurity.com/vulns/aleph-2017005Exploit, Technical Description, Third Party Advisory
- https://alephsecurity.com/vulns/aleph-2017005Exploit, Technical Description, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-5623?
How severe is CVE-2017-5623?
How do I fix CVE-2017-5623?
Are you affected by CVE-2017-5623?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST