What is CVE-2018-16270?

CVE-2018-16270 is a high-severity vulnerability in Samsung Galaxy_gear, classified under Improper Privilege Management. CVSS score: 7.5/10. Published 2020-01-22.

How severe is CVE-2018-16270?

High severity. CVSS v3 base score is 7.5 out of 10.

Privilege escalation in Samsung Galaxy_gear

CVE-2018-16270

Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path.

Vulnerability class: Privilege Escalation

EPSS: 0.012 (63.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.

Affected products

Weakness classification (CWE)

CWE-269 — Improper Privilege Management

References

cve@mitre.org (Exploit, Third Party Advisory, x_refsource_MISC)
cve@mitre.org (Exploit, Third Party Advisory, x_refsource_MISC)

Frequently asked questions

What is CVE-2018-16270?: CVE-2018-16270 is a high-severity vulnerability in Samsung Galaxy_gear, classified under Improper Privilege Management. CVSS score: 7.5/10. Published 2020-01-22.
How severe is CVE-2018-16270?: High severity. CVSS v3 base score is 7.5 out of 10.