CVE-2017-0785:
Information disclosure vulnerability in the Android Bluetooth subsystem affecting multiple Android versions (4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0).
Score
A numerical rating that indicates how dangerous this vulnerability is.
6.5Medium- Published Date:Sep 14, 2017
- CISA KEV Date:*No Data*
- Industries Affected:20
Threat Predictions
- EPSS Score:13.9
- EPSS Percentile:94%
Exploitability
- Score:2.8
- Attack Vector:ADJACENT_NETWORK
- Attack Complexity:LOW
- Privileges Required:NONE
- User Interaction:NONE
- Scope:UNCHANGED
Impact
- Score:3.6
- Confidentiality Impact:HIGH
- Integrity Impact:NONE
- Availability Impact:NONE
Description Preview
Information disclosure vulnerability in the Android Bluetooth subsystem affecting multiple Android versions (4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0).
Overview
CVE-2017-0785 is an information disclosure vulnerability in the Android Bluetooth subsystem that affects Android versions from 4.4.4 through 8.0. The vulnerability could enable leakage of sensitive data via Bluetooth, potentially exposing device identifiers or other Bluetooth-related information. The issue was disclosed publicly in 2017, with subsequent security updates and advisories addressing the flaw.
Remediation
- Apply the latest Android security updates and patches from Google and device OEMs to ensure the fix for CVE-2017-0785 is installed.
- If a patch is not yet available, mitigate by disabling Bluetooth when not in use and keeping the device non-discoverable to reduce exposure.
- For organizations, enforce patch management through MDM/EMM to ensure devices reach an appropriate security baseline and monitor patch status.
- Review and follow the Android Security Bulletin 2017-09-01 and related advisories for information about fixed versions and mitigations.
References
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.
