CERTVU:704828Lookout Mobile Security contains a denial-of-service vulnerability
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS
Percentile
29.8%
Overview
Lookout Mobile Security version 8.14.1-7fe5f1, and possibly earlier versions, contains a denial-of-service vulnerability.
Description
Lookout Mobile Security (version 8.14.1-7fe5f1) crashes if an intent is sent to com.lookout.security.ScanTell with no arguments.
Impact
A malicious application installed on the phone may be able to disable the Lookout Mobile Security software.
Solution
Apply an Update
Lookout Mobile Security version 8.17-8a39d3f has been released to address this vulnerability.
Vendor Information
704828
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Lookout Affected
Notified: June 11, 2013 Updated: June 27, 2013
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 3.8 | AV:L/AC:H/Au:S/C:N/I:N/A:C |
| Temporal | 3 | E:POC/RL:OF/RC:C |
| Environmental | 2.3 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
References
<https://play.google.com/store/apps/details?id=com.lookout>
Acknowledgements
Thanks to china.x.orion for reporting this vulnerability.
This document was written by Adam Rauf.
Other Information
| CVE IDs: | CVE-2013-3579 |
|---|---|
| Date Public: | 2013-06-27 Date First Published: |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS
Percentile
29.8%