CVE-2017-5947 - OpenCVE

An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and earlier. The attacker can reboot the device into the Qualcomm Emergency Download (EDL) mode through ADB or by using Volume-Up when connected to USB, which in turn could allow for downgrading partitions such as the Android Bootloader.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Oneplus	Oneplus 2 Oneplus 3 Oneplus 3t Oneplus 5 Oneplus One Oneplus X Oxygenos

Configuration 1 [-]

AND

cpe:2.3:o:oneplus:oxygenos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:oneplus:oneplus_2:-:::::::*
	cpe:2.3:h:oneplus:oneplus_3:-:::::::*
	cpe:2.3:h:oneplus:oneplus_3t:-:::::::*
	cpe:2.3:h:oneplus:oneplus_5:-:::::::*
	cpe:2.3:h:oneplus:oneplus_one:-:::::::*
	cpe:2.3:h:oneplus:oneplus_x:-:::::::*

No data.

References

Link	Providers
https://alephsecurity.com/vulns/aleph-2017007

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-03-29T18:00:00

Updated: 2024-08-05T15:18:49.057Z

Reserved: 2017-02-09T00:00:00

Link: CVE-2017-5947

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-03-29T18:29:01.310

Modified: 2021-08-12T21:34:16.027

Link: CVE-2017-5947

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-01-22T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and earlier. The attacker can reboot the device into the Qualcomm Emergency Download (EDL) mode through ADB or by using Volume-Up when connected to USB, which in turn could allow for downgrading partitions such as the Android Bootloader."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-03-29T17:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://alephsecurity.com/vulns/aleph-2017007"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-5947", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and earlier. The attacker can reboot the device into the Qualcomm Emergency Download (EDL) mode through ADB or by using Volume-Up when connected to USB, which in turn could allow for downgrading partitions such as the Android Bootloader."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://alephsecurity.com/vulns/aleph-2017007", "refsource": "MISC", "url": "https://alephsecurity.com/vulns/aleph-2017007"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:18:49.057Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://alephsecurity.com/vulns/aleph-2017007"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-5947", "datePublished": "2018-03-29T18:00:00", "dateReserved": "2017-02-09T00:00:00", "dateUpdated": "2024-08-05T15:18:49.057Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:oneplus:oxygenos:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A8EE237-7537-4691-9B54-2287B47C1695", "versionEndIncluding": "5.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:oneplus:oneplus_2:-:*:*:*:*:*:*:*", "matchCriteriaId": "332B048C-6522-41A7-9DAB-834FBFCA3C00", "vulnerable": false}, {"criteria": "cpe:2.3:h:oneplus:oneplus_3:-:*:*:*:*:*:*:*", "matchCriteriaId": "E6B1891E-38B0-42C5-89D3-3DC12217F087", "vulnerable": false}, {"criteria": "cpe:2.3:h:oneplus:oneplus_3t:-:*:*:*:*:*:*:*", "matchCriteriaId": "4C7E02CB-9EAC-4BFD-8CCC-337610E1CCEE", "vulnerable": false}, {"criteria": "cpe:2.3:h:oneplus:oneplus_5:-:*:*:*:*:*:*:*", "matchCriteriaId": "F179266A-2A67-4A9D-89E6-B3CCE4430A68", "vulnerable": false}, {"criteria": "cpe:2.3:h:oneplus:oneplus_one:-:*:*:*:*:*:*:*", "matchCriteriaId": "8B8AD37A-7539-4F16-8AC2-2556035B0DE2", "vulnerable": false}, {"criteria": "cpe:2.3:h:oneplus:oneplus_x:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0A390FA-9B56-4645-991D-5E9CB16966B9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and earlier. The attacker can reboot the device into the Qualcomm Emergency Download (EDL) mode through ADB or by using Volume-Up when connected to USB, which in turn could allow for downgrading partitions such as the Android Bootloader."}, {"lang": "es", "value": "Se ha descubierto un problema en dispositivos OnePlus One, X, 2, 3, 3T y 5 con OxygenOS 5.0 y anteriores. El atacante puede reiniciar el dispositivo en modo Qualcomm Emergency Download (EDL) mediante ADB o empleando la tecla de subir volumen al estar conectado a USB. Esto podr\u00eda permitir la degradaci\u00f3n de particiones como Android Bootloader."}], "id": "CVE-2017-5947", "lastModified": "2021-08-12T21:34:16.027", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-29T18:29:01.310", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://alephsecurity.com/vulns/aleph-2017007"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}