CVE-2016-10702 Information

Description

Pebble Smartwatch devices through 4.3 mishandle UUID storage which allows attackers to read an arbitrary application’s flash storage and access an arbitrary application’s JavaScript instance by modifying a UUID value within the header of a crafted application binary.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

Reference

https://blog.fletchto99.com/2016/november/pebble-app-sandbox-escape/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1