What is CVE-2016-7991?

CVE-2016-7991 is a high-severity vulnerability in Google Android, classified under CWE-388. CVSS score: 7.5/10. Published 2016-10-31.

How severe is CVE-2016-7991?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Google Android

CVE-2016-7991

On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauth…

EPSS: 0.001 (23.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.

Affected products

Google Android — versions 4.2.2, 4.3, 4.3.1
Samsung Galaxy_s4
Samsung Galaxy_s4_mini
Samsung Galaxy_s5
Samsung Galaxy_s6
Samsung Galaxy_s7
N/a — versions n/a

Weakness classification (CWE)

CWE-388

References

94088 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2016-7991?: CVE-2016-7991 is a high-severity vulnerability in Google Android, classified under CWE-388. CVSS score: 7.5/10. Published 2016-10-31.
How severe is CVE-2016-7991?: High severity. CVSS v3 base score is 7.5 out of 10.