Lucene search

[email protected]NVD:CVE-2008-2235

HistoryAug 01, 2008 - 2:41 p.m.

CVE-2008-2235

2008-08-0114:41:00

CWE-310

[email protected]

web.nvd.nist.gov

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:C/A:N

AI Score

5.9

Confidence

Low

EPSS

0.001

Percentile

23.6%

JSON

OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.

Affected configurations

Nvd

Node

siemenscardosMatchm4

AND

opensc-projectopenscMatch0.3.2

opensc-projectopenscMatch0.3.5

opensc-projectopenscMatch0.4.0

opensc-projectopenscMatch0.6.0

opensc-projectopenscMatch0.6.1

opensc-projectopenscMatch0.7.0

opensc-projectopenscMatch0.8

opensc-projectopenscMatch0.8.0.0

opensc-projectopenscMatch0.8.1

opensc-projectopenscMatch0.9

opensc-projectopenscMatch0.9.6

opensc-projectopenscMatch0.9.7

opensc-projectopenscMatch0.9.7b

opensc-projectopenscMatch0.9.7d

opensc-projectopenscMatch0.9.8

opensc-projectopenscMatch0.11.0

opensc-projectopenscMatch0.11.1

opensc-projectopenscMatch0.11.2

opensc-projectopenscMatch0.11.3

opensc-projectopenscMatch0.11.3pre3

opensc-projectopenscMatch0.11.4

VendorProductVersionCPE
siemenscardosm4cpe:2.3:o:siemens:cardos:m4:*:*:*:*:*:*:*
opensc-projectopensc0.3.2cpe:2.3:a:opensc-project:opensc:0.3.2:*:*:*:*:*:*:*
opensc-projectopensc0.3.5cpe:2.3:a:opensc-project:opensc:0.3.5:*:*:*:*:*:*:*
opensc-projectopensc0.4.0cpe:2.3:a:opensc-project:opensc:0.4.0:*:*:*:*:*:*:*
opensc-projectopensc0.6.0cpe:2.3:a:opensc-project:opensc:0.6.0:*:*:*:*:*:*:*
opensc-projectopensc0.6.1cpe:2.3:a:opensc-project:opensc:0.6.1:*:*:*:*:*:*:*
opensc-projectopensc0.7.0cpe:2.3:a:opensc-project:opensc:0.7.0:*:*:*:*:*:*:*
opensc-projectopensc0.8cpe:2.3:a:opensc-project:opensc:0.8:*:*:*:*:*:*:*
opensc-projectopensc0.8.0.0cpe:2.3:a:opensc-project:opensc:0.8.0.0:*:*:*:*:*:*:*
opensc-projectopensc0.8.1cpe:2.3:a:opensc-project:opensc:0.8.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	cardos	m4	cpe:2.3:o:siemens:cardos:m4:::::::*
opensc-project	opensc	0.3.2	cpe:2.3:a:opensc-project:opensc:0.3.2:::::::*
opensc-project	opensc	0.3.5	cpe:2.3:a:opensc-project:opensc:0.3.5:::::::*
opensc-project	opensc	0.4.0	cpe:2.3:a:opensc-project:opensc:0.4.0:::::::*
opensc-project	opensc	0.6.0	cpe:2.3:a:opensc-project:opensc:0.6.0:::::::*
opensc-project	opensc	0.6.1	cpe:2.3:a:opensc-project:opensc:0.6.1:::::::*
opensc-project	opensc	0.7.0	cpe:2.3:a:opensc-project:opensc:0.7.0:::::::*
opensc-project	opensc	0.8	cpe:2.3:a:opensc-project:opensc:0.8:::::::*
opensc-project	opensc	0.8.0.0	cpe:2.3:a:opensc-project:opensc:0.8.0.0:::::::*
opensc-project	opensc	0.8.1	cpe:2.3:a:opensc-project:opensc:0.8.1:::::::*