CVE-2017-5948

An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. OxygenOS and HydrogenOS are vulnerable to downgrade attacks. This is due to a lenient 'updater-script' in OTAs that does not check that the current version is lower than or equal to the given image's. Downgrades can occur even on locked bootloaders and without triggering a factory reset, allowing for exploitation of now-patched vulnerabilities with access to user data. This vulnerability can be exploited by a Man-in-the-Middle (MiTM) attacker targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, a physical attacker can reboot the phone into recovery, and then use 'adb sideload' to push the OTA (on OnePlus 3/3T 'Secure Start-up' must be off).
References
Link Resource
https://alephsecurity.com/vulns/aleph-2017008 Exploit Technical Description Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:oneplus:oxygenos:*:*:*:*:*:*:*:*
OR cpe:2.3:h:oneplus:oneplus_3:-:*:*:*:*:*:*:*
cpe:2.3:h:oneplus:oneplus_one:-:*:*:*:*:*:*:*
cpe:2.3:h:oneplus:oneplus_x:-:*:*:*:*:*:*:*
cpe:2.3:h:oneplus:oneplus_2:-:*:*:*:*:*:*:*
cpe:2.3:h:oneplus:oneplus_3t:-:*:*:*:*:*:*:*

Information

Published : 2017-05-11 11:29

Updated : 2019-10-02 17:03


NVD link : CVE-2017-5948

Mitre link : CVE-2017-5948


JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa

Products Affected

oneplus

  • oneplus_3
  • oneplus_2
  • oneplus_one
  • oneplus_3t
  • oneplus_x
  • oxygenos