Vulnerability CVE-2013-6272


Published: 2018-05-02

Description:
The NotificationBroadcastReceiver class in the com.android.phone process in Google Android 4.1.1 through 4.4.2 allows attackers to bypass intended access restrictions and consequently make phone calls to arbitrary numbers, send mmi or ussd codes, or hangup ongoing calls via a crafted application.

See advisories in our WLB2 database:
Topic
Author
Date
High
Android OS Authorization Missing
Roberto Palear
08.07.2014

Type:

CWE-284

(Improper Access Control)

Vendor: Google
Product: Android 
Version:
4.4.2
4.4.1
4.4
4.3.1
4.3
4.2.2
4.2.1
4.2
4.1.2

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://packetstormsecurity.com/files/127359/Android-OS-Authorization-Missing.html
http://seclists.org/fulldisclosure/2014/Jul/13
http://www.securityfocus.com/bid/68415
https://curesec.com/blog/article/blog/35.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/94423

Related CVE
CVE-2019-2001
The permissions on /proc/iomem were world-readable. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android I...
CVE-2019-2000
In several functions of binder.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: ...
CVE-2019-1999
In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for ex...
CVE-2019-1998
In event_handler of keymaster_app.c, there is possible resource exhaustion due to a table being lost on reboot. This could lead to local denial of service that is not fixed by a factory reset, with no additional execution privileges needed. User inte...
CVE-2019-1997
In random_get_bytes of random.c, there is a possible degradation of randomness due to an insecure default value. This could lead to local information disclosure via an insecure wireless connection with no additional execution privileges needed. User ...
CVE-2019-1996
In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not ...
CVE-2019-1995
In ComposeActivityEmail of ComposeActivityEmail.java, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure, sending files accessible to AOSP Mail to a remote email reci...
CVE-2019-1994
In refresh of DevelopmentTiles.java, there is the possibility of leaving development settings accessible due to an insecure default value. This could lead to unwanted access to development settings, with no additional execution privileges needed. Use...

Copyright 2019, cxsecurity.com

 

Back to Top