CVE-2015-3840

Опубликовано: 27 июн. 2017

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated "WRITE_SMS" permission.

Ссылки

http://blog.trendmicro.com/trendlabs-security-intelligence/os-x-zero-days-on-the-rise-a-2015-midyear-review-on-advanced-attack-surfaces/
Third Party Advisory
http://blog.trendmicro.com/trendlabs-security-intelligence/two-new-android-bugs-mess-up-messaging-may-lead-to-multiple-send-charges/
Exploit
Third Party Advisory
https://huntcve.github.io/2017/02/13/cveupdate/
Broken Link
http://blog.trendmicro.com/trendlabs-security-intelligence/os-x-zero-days-on-the-rise-a-2015-midyear-review-on-advanced-attack-surfaces/
Third Party Advisory
http://blog.trendmicro.com/trendlabs-security-intelligence/two-new-android-bugs-mess-up-messaging-may-lead-to-multiple-send-charges/
Exploit
Third Party Advisory
https://huntcve.github.io/2017/02/13/cveupdate/
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

Версия до 5.1.1 (включая)

EPSS

Процентиль: 6%

0.00025

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-284

Связанные уязвимости

GHSA-2h87-mx3g-www9