Lucene search

MitreCVE-2014-8610

HistoryDec 15, 2014 - 6:59 p.m.

CVE-2014-8610

2014-12-1518:59:19

CWE-264

mitre

web.nvd.nist.gov

android security

sms vulnerability

cve-2014-8610

androidmanifest.xml

smsreceiver

CVSS2

3.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

47.0%

JSON

AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or trigger additional per-message charges from a network operator for old messages, via a crafted application that broadcasts an intent with the com.android.mms.transaction.MESSAGE_SENT action, aka Bug 17671795.

Affected configurations

Nvd

Node

googleandroidRange≤4.4.4

googleandroidMatch1.0

googleandroidMatch1.1

googleandroidMatch1.5

googleandroidMatch1.6

googleandroidMatch2.0

googleandroidMatch2.0.1

googleandroidMatch2.1

googleandroidMatch2.2

googleandroidMatch2.2rev1

googleandroidMatch2.2.1

googleandroidMatch2.2.2

googleandroidMatch2.2.3

googleandroidMatch2.3

googleandroidMatch2.3rev1

googleandroidMatch2.3.1

googleandroidMatch2.3.2

googleandroidMatch2.3.3

googleandroidMatch2.3.4

googleandroidMatch2.3.5

googleandroidMatch2.3.6

googleandroidMatch2.3.7

googleandroidMatch3.0

googleandroidMatch3.1

googleandroidMatch3.2

googleandroidMatch3.2.1

googleandroidMatch3.2.2

googleandroidMatch3.2.4

googleandroidMatch3.2.6

googleandroidMatch4.0

googleandroidMatch4.0.1

googleandroidMatch4.0.2

googleandroidMatch4.0.3

googleandroidMatch4.0.4

googleandroidMatch4.1

googleandroidMatch4.1.2

googleandroidMatch4.2

googleandroidMatch4.2.1

googleandroidMatch4.2.2

googleandroidMatch4.3

googleandroidMatch4.3.1

googleandroidMatch4.4

googleandroidMatch4.4.1

googleandroidMatch4.4.2

googleandroidMatch4.4.3

VendorProductVersionCPE
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
googleandroid1.0cpe:2.3:o:google:android:1.0:*:*:*:*:*:*:*
googleandroid1.1cpe:2.3:o:google:android:1.1:*:*:*:*:*:*:*
googleandroid1.5cpe:2.3:o:google:android:1.5:*:*:*:*:*:*:*
googleandroid1.6cpe:2.3:o:google:android:1.6:*:*:*:*:*:*:*
googleandroid2.0cpe:2.3:o:google:android:2.0:*:*:*:*:*:*:*
googleandroid2.0.1cpe:2.3:o:google:android:2.0.1:*:*:*:*:*:*:*
googleandroid2.1cpe:2.3:o:google:android:2.1:*:*:*:*:*:*:*
googleandroid2.2cpe:2.3:o:google:android:2.2:*:*:*:*:*:*:*
googleandroid2.2cpe:2.3:o:google:android:2.2:rev1:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	*	cpe:2.3:o:google:android::::::::
google	android	1.0	cpe:2.3:o:google:android:1.0:::::::*
google	android	1.1	cpe:2.3:o:google:android:1.1:::::::*
google	android	1.5	cpe:2.3:o:google:android:1.5:::::::*
google	android	1.6	cpe:2.3:o:google:android:1.6:::::::*
google	android	2.0	cpe:2.3:o:google:android:2.0:::::::*
google	android	2.0.1	cpe:2.3:o:google:android:2.0.1:::::::*
google	android	2.1	cpe:2.3:o:google:android:2.1:::::::*
google	android	2.2	cpe:2.3:o:google:android:2.2:::::::*
google	android	2.2	cpe:2.3:o:google:android:2.2:rev1::::::

Rows per page:

1-10 of 451

References

packetstormsecurity.com/files/129282/Android-SMS-Resend.html

seclists.org/fulldisclosure/2014/Dec/8

seclists.org/fulldisclosure/2014/Nov/85

xteam.baidu.com/?p=164

android.googlesource.com/platform/packages/apps/Mms/+/008d6202fca4002a7dfe333f22377faa73585c67

github.com/joswr1ght/drozer-modules/blob/master/whfs/smsdraftsend.py

CVSS2

3.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

47.0%

JSON

Related for CVE-2014-8610