Lucene search

[email protected]CVE-2012-5697

HistoryOct 20, 2014 - 4:55 p.m.

CVE-2012-5697

2014-10-2016:55:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2012-5697

btinstall

bulb security

smartphone pentest framework

spf

weak permissions

sensitive information

arbitrary perl code

local users

nvd

8.1 High

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

The btinstall installation script in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 uses weak permissions (777) for all files in the frameworkgui/ directory, which allows local users to obtain sensitive information or inject arbitrary Perl code via direct access to these files.

CPENameOperatorVersion
bulbsecurity:smartphone_pentest_frameworkbulbsecurity smartphone pentest frameworkle0.1.2

CPE	Name	Operator	Version
bulbsecurity:smartphone_pentest_framework	bulbsecurity smartphone pentest framework	le	0.1.2

References

secunia.com/advisories/51415

twitter.com/georgiaweidman/statuses/269138431567855618

www.htbridge.com/advisory/HTB23123

8.1 High

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for CVE-2012-5697

prion1 htbridge1 securityvulns2