CVE Vulnerabilities

CVE-2016-6715

Published: Nov 25, 2016 | Modified: Mar 07, 2019
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu
NEGLIGIBLE

An elevation of privilege vulnerability in the Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could allow a local malicious application to record audio without the users permission. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission.) Android ID: A-29833954.

Affected Software

Name Vendor Start Version End Version
Android Google 4.0 (including) 4.4.4 (excluding)
Android Google 5.0 (including) 5.0.2 (excluding)
Android Google 5.1 (including) 5.1.1 (excluding)
Android Google 6.0 (including) 6.0.1 (including)
Android Google 7.0 (including) 7.0 (including)
Android Ubuntu esm-apps/xenial *
Android Ubuntu trusty *
Android Ubuntu upstream *
Android Ubuntu vivid/stable-phone-overlay *
Android Ubuntu xenial *
Android Ubuntu yakkety *
Android Ubuntu zesty *

References