PatchSiren cyber security CVE debrief

CVE-2017-0423 Google CVE debrief

CVE-2017-0423 is a moderate Android Bluetooth elevation-of-privilege issue that can affect document access on impacted devices, but only when a nearby attacker first chains a separate Bluetooth stack vulnerability. NVD rates the issue as AV:A/AC:H with high confidentiality impact, so it is best treated as a targeted, adjacency-based risk rather than a broad remote compromise.

Vendor: Google
Product: CVE-2017-0423
CVSS: MEDIUM 5.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-08
Original CVE updated: 2026-05-13
Advisory published: 2017-02-08
Advisory updated: 2026-05-13

Who should care

Android device owners and administrators, MDM/endpoint security teams, and organizations that rely on Bluetooth-enabled Android devices in managed or sensitive environments.

Technical summary

The NVD record and Google Android bulletin describe an elevation-of-privilege issue in Bluetooth affecting Android 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, and 7.1.1, with adjacent release variants also marked vulnerable in NVD's CPE data. The attack requires nearby access and exploitation of another Bluetooth stack vulnerability first. NVD assigns CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N and maps the issue to CWE-732.

Defensive priority

Medium; prioritize if you operate exposed Android fleets with Bluetooth enabled, especially where document access or device privacy is sensitive.

Recommended defensive actions

  • Review Android fleet coverage for the affected versions listed by NVD and the Android bulletin.
  • Apply the vendor guidance from the Android security bulletin referenced in the record.
  • Reduce Bluetooth exposure where operationally feasible, especially on devices that handle sensitive documents.
  • Monitor managed devices for OS update compliance and remove or replace unsupported Android builds.
  • Treat this as a chained Bluetooth risk and assess whether nearby attacker scenarios are relevant in your environment.

Evidence notes

The supplied corpus ties this CVE to Google/Android guidance and the NVD detail page. The Android bulletin referenced in the record is dated 2017-02-01, while the CVE itself was published in NVD/CVE on 2017-02-08. NVD's vector (AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) supports the adjacency and high-complexity interpretation, and the enrichment provided here does not list any KEV entry.

Official resources

Published by CVE/NVD on 2017-02-08, with a referenced Android security bulletin dated 2017-02-01. No KEV entry is listed in the supplied enrichment.