OxygenOS up to 4.0.1 on OnePlus 3/OnePlus 3T Bootloader Persistent access control
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 8.4 | $0-$5k | 0.00 |
Summary
A vulnerability was found in OxygenOS up to 4.0.1 on OnePlus 3/OnePlus 3T and classified as problematic. Impacted is an unknown function of the component Bootloader. Such manipulation leads to access control (Persistent). This vulnerability is referenced as CVE-2017-5626. The attack can only be performed from a local environment. No exploit is available. It is suggested to upgrade the affected component.
Details
A vulnerability, which was classified as critical, has been found in OxygenOS up to 4.0.1 on OnePlus 3/OnePlus 3T. Affected by this issue is an unknown code of the component Bootloader. The manipulation with an unknown input leads to a access control vulnerability (Persistent). Using CWE to declare the problem leads to CWE-264. Impacted is confidentiality, integrity, and availability. CVE summarizes:
OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands (4F500301 and 4F500302) that allow the attacker to lock/unlock the bootloader, disregarding the 'OEM Unlocking' checkbox, without user confirmation and without a factory reset. This allows for persistent code execution with high privileges (kernel/root) with complete access to user data.
The bug was discovered 02/08/2017. The weakness was published 03/12/2017 (Website). The advisory is available at securityresear.ch. This vulnerability is handled as CVE-2017-5626 since 01/29/2017. Local access is required to approach this attack. A simple authentication is needed for exploitation. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1068 by the MITRE ATT&CK project.
The vulnerability was handled as a non-public zero-day exploit for at least 32 days. During that time the estimated underground price was around $0-$5k.
Upgrading to version 4.0.2 eliminates this vulnerability.
Similar entry is available at VDB-97849. If you want to get best quality of vulnerability data, you may have to visit VulDB.
Product
Name
Version
CPE 2.3
CPE 2.2
Video
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 8.8VulDB Meta Temp Score: 8.6
VulDB Base Score: 7.8
VulDB Temp Score: 7.5
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 9.8
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Name: PersistentClass: Access control / Persistent
CWE: CWE-264
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: OxygenOS 4.0.2
Timeline
01/29/2017 🔍02/08/2017 🔍
03/12/2017 🔍
03/12/2017 🔍
03/12/2017 🔍
09/06/2020 🔍
Sources
Advisory: securityresear.chStatus: Not defined
CVE: CVE-2017-5626 (🔍)
GCVE (CVE): GCVE-0-2017-5626
GCVE (VulDB): GCVE-100-97850
OSVDB: - OnePlus 3 or 3T device with OxygenOS code execution
See also: 🔍
Entry
Created: 03/12/2017 08:33Updated: 09/06/2020 08:21
Changes: 03/12/2017 08:33 (62), 09/06/2020 08:21 (2)
Complete: 🔍
Cache ID: 216::103
If you want to get best quality of vulnerability data, you may have to visit VulDB.
No comments yet. Languages: en.
Please log in to comment.