exploitDog

CVE-2014-7914

Опубликовано: 21 фев. 2020

Источник: nvd

CVSS3: 8.1

CVSS2: 5.8

EPSS Низкий

Описание

btif/src/btif_dm.c in Android before 5.1 does not properly enforce the temporary nature of a Bluetooth pairing, which allows user-assisted remote attackers to bypass intended access restrictions via crafted Bluetooth packets after the tapping of a crafted NFC tag.

Ссылки

https://android.googlesource.com/platform/external/bluetooth/bluedroid/+/0360aa7c418152a3e5e335a065ac3629cbb09559
Patch
Vendor Advisory
https://android.googlesource.com/platform/external/bluetooth/bluedroid/+/0360aa7c418152a3e5e335a065ac3629cbb09559
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

Версия до 5.1 (исключая)

EPSS

Процентиль: 35%

0.00147

Низкий

8.1 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-863

Связанные уязвимости

GHSA-xmxx-m7q8-x9xj

github

больше 3 лет назад

btif/src/btif_dm.c in Android before 5.1 does not properly enforce the temporary nature of a Bluetooth pairing, which allows user-assisted remote attackers to bypass intended access restrictions via crafted Bluetooth packets after the tapping of a crafted NFC tag.

EPSS

Процентиль: 35%

0.00147

Низкий

8.1 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-863