Lucene search

CanonicalCVELIST:CVE-2015-7946

HistoryMay 07, 2020 - 10:15 p.m.

CVE-2015-7946 MTP service exposed during emergency dialer

2020-05-0722:15:13

CWE-200

canonical

www.cve.org

CVSS3

7.3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

31.4%

JSON

Information Exposure vulnerability in Unity8 as used on the Ubuntu phone and possibly also in Unity8 shipped elsewhere. This allows an attacker to enable the MTP service by opening the emergency dialer. Fixed in 8.11+16.04.20160111.1-0ubuntu1 and 8.11+15.04.20160122-0ubuntu1.

CNA Affected

[
  {
    "product": "unity8 (Ubuntu)",
    "vendor": "Canonical",
    "versions": [
      {
        "changes": [
          {
            "at": "8.11+15.04.20160122-0ubuntu1",
            "status": "unaffected"
          }
        ],
        "lessThan": "8.11+16.04.20160111.1-0ubuntu1",
        "status": "affected",
        "version": "8.11",
        "versionType": "custom"
      }
    ]
  }
]

References

launchpad.net/bugs/1525981

CVSS3

7.3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

31.4%

JSON

Related for CVELIST:CVE-2015-7946