14 matches found
EUVD-2020-1878
Malware in sbrugna...
Kigen eUICC Type Confusion
Security Explorations has further examined the security of Kigen eUICC cards with GSMA consumer certificates installed. This advisory updates and expands on the original research disclosed; however, it does not disclose exact details. They do, however, state that the new issue seems more...
eSIM Vulnerability in eUICC Cards Exposes Billions of IoT Devices to Malicious Attacks
Cybersecurity researchers have discovered a new hacking technique that exploits weaknesses in the eSIM technology used in modern smartphones, exposing users to severe risks. The issues impact the Kigen eUICC card. According to the Irish company's website, more than two billion SIMs in IoT devices...
Kigen eUICC Type Confusion
Security Explorations has broken the security of the Kigen eUICC card with GSMA consumer certificates installed on it. The eUICC card makes it possible to install so-called eSIM profiles into a target chip. eSIM profiles are software representations of mobile subscriptions. For many years such...
CVE-2021-39618
In multiple methods of EuiccNotificationManager.java, there is a possible way to install existing packages without user consent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...
CVE-2021-39618
In multiple methods of EuiccNotificationManager.java, there is a possible way to install existing packages without user consent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...
CVE-2020-0375
In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege and the setting of supported EUICC countries with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
Design/Logic Flaw
In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege and the setting of supported EUICC countries with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
CVE-2020-0375
In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege and the setting of supported EUICC countries with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
CVE-2020-0375
CVE-2020-0375 pertains to Android 11 Telephony: a missing permission check enables local escalation of privilege, allowing an attacker to influence EUICC country settings without extra privileges or user interaction. Several connected sources corroborate: Red Hat and CNVD entries describe a Telep...
CVE-2020-0062
In Euicc, there is a possible information disclosure due to an included test certificate. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-14323203...
Information disclosure
In Euicc, there is a possible information disclosure due to an included test certificate. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-14323203...
CVE-2020-0062
In Euicc, there is a possible information disclosure due to an included test certificate. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-14323203...
CVE-2020-0062
CVE-2020-0062 affects Android Euicc. An information disclosure exists due to an included test certificate, enabling remote data exposure without extra privileges. Exploitation is network-based with no user interaction required. CVSSv2/3.1 base scores are 5.0 (MEDIUM) and 7.5 (HIGH) respectively. ...