Lucene search

PRIOn knowledge basePRION:CVE-2012-3887

HistoryJul 26, 2012 - 10:55 p.m.

Information disclosure

2012-07-2622:55:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

53.4%

JSON

AirDroid before 1.0.7 beta uses a cleartext base64 format for data transfer that is documented as an “Encrypted Transmission” feature, which allows remote attackers to obtain sensitive information by sniffing the local wireless network, as demonstrated by the SMS message content sent to the sdctl/sms/send/single/ URI.

CPENameOperatorVersion
airdroideq1.0.4
airdroideq1.0.2
airdroideq1.0.1
airdroideq1.0.4 beta
airdroidle1.0.6
airdroideq1.0.3
airdroideq1.0.5

Name	Operator	Version
airdroid	eq	1.0.4
airdroid	eq	1.0.2
airdroid	eq	1.0.1
airdroid	eq	1.0.4 beta
airdroid	le	1.0.6
airdroid	eq	1.0.3
airdroid	eq	1.0.5

References

archives.neohapsis.com/archives/bugtraq/2012-07/0087.html

www.tele-consulting.com/advisories/TC-SA-2012-02.txt

6.6 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

53.4%

JSON

Related for PRION:CVE-2012-3887