Lucene search

[email protected]CVE-2009-2348

HistoryJul 17, 2009 - 4:30 p.m.

CVE-2009-2348

2009-07-1716:30:00

CWE-94

[email protected]

web.nvd.nist.gov

android

1.5

crbxx

cve-2009-2348

camera

microphone

permission bypass

security vulnerability

6.4 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Android 1.5 CRBxx allows local users to bypass the (1) Manifest.permission.CAMERA (aka android.permission.CAMERA) and (2) Manifest.permission.AUDIO_RECORD (aka android.permission.RECORD_AUDIO) configuration settings by installing and executing an application that does not make a permission request before using the camera or microphone.

CPENameOperatorVersion
google:androidgoogle androideq1.5

CPE	Name	Operator	Version
google:android	google android	eq	1.5

References

android.git.kernel.org/?p=platform/frameworks/base.git%3Ba=commit%3Bh=4d8adefd35efdea849611b8b02d61f9517e47760

android.git.kernel.org/?p=platform/frameworks/base.git%3Ba=commit%3Bh=7b7225c8fdbead25235c74811b30ff4ee690dc58

android.git.kernel.org/?p=platform/packages/apps/Camera.git%3Ba=commit%3Bh=e655d54160e5a56d4909f2459eeae9012e9f187f

www.ocert.org/advisories/ocert-2009-011.html

www.openwall.com/lists/oss-security/2009/07/16/4

www.securityfocus.com/archive/1/505012/100/0/threaded

www.securityfocus.com/bid/35717

exchange.xforce.ibmcloud.com/vulnerabilities/51798

6.4 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2009-2348

prion1 securityvulns2 seebug1