Lucene search

[email protected]NVD:CVE-2014-8610

HistoryDec 15, 2014 - 6:59 p.m.

CVE-2014-8610

2014-12-1518:59:19

CWE-264

[email protected]

web.nvd.nist.gov

3.3 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:P/A:N

6.2 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

47.1%

JSON

AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or trigger additional per-message charges from a network operator for old messages, via a crafted application that broadcasts an intent with the com.android.mms.transaction.MESSAGE_SENT action, aka Bug 17671795.

Affected configurations

NVD

Node

googleandroidRange≤4.4.4

googleandroidMatch1.0

googleandroidMatch1.1

googleandroidMatch1.5

googleandroidMatch1.6

googleandroidMatch2.0

googleandroidMatch2.0.1

googleandroidMatch2.1

googleandroidMatch2.2

googleandroidMatch2.2rev1

googleandroidMatch2.2.1

googleandroidMatch2.2.2

googleandroidMatch2.2.3

googleandroidMatch2.3

googleandroidMatch2.3rev1

googleandroidMatch2.3.1

googleandroidMatch2.3.2

googleandroidMatch2.3.3

googleandroidMatch2.3.4

googleandroidMatch2.3.5

googleandroidMatch2.3.6

googleandroidMatch2.3.7

googleandroidMatch3.0

googleandroidMatch3.1

googleandroidMatch3.2

googleandroidMatch3.2.1

googleandroidMatch3.2.2

googleandroidMatch3.2.4

googleandroidMatch3.2.6

googleandroidMatch4.0

googleandroidMatch4.0.1

googleandroidMatch4.0.2

googleandroidMatch4.0.3

googleandroidMatch4.0.4

googleandroidMatch4.1

googleandroidMatch4.1.2

googleandroidMatch4.2

googleandroidMatch4.2.1

googleandroidMatch4.2.2

googleandroidMatch4.3

googleandroidMatch4.3.1

googleandroidMatch4.4

googleandroidMatch4.4.1

googleandroidMatch4.4.2

googleandroidMatch4.4.3

References

packetstormsecurity.com/files/129282/Android-SMS-Resend.html

seclists.org/fulldisclosure/2014/Dec/8

seclists.org/fulldisclosure/2014/Nov/85

xteam.baidu.com/?p=164

android.googlesource.com/platform/packages/apps/Mms/+/008d6202fca4002a7dfe333f22377faa73585c67

github.com/joswr1ght/drozer-modules/blob/master/whfs/smsdraftsend.py

3.3 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:P/A:N

6.2 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

47.1%

JSON

Related for NVD:CVE-2014-8610

cvelist1 packetstorm1 prion1 zdt1 cve1 nessus1