VAR-201506-0113
Vulnerability from variot - Updated: 2024-08-14 13:34

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-4640, CVE-2015-4641. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2015-4640 and CVE-2015-4641 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage.

** Delete ** This entry was deleted after being divided into CVE-2015-4640 and CWE-2015-4641. Please refer to CVE-2015-4640 and CWE-2015-4641.

The keyboard function pre-installed on Samsung Galaxy S devices, which uses the Swiftkey SDK, contains a vulnerability: it does not correctly verify language pack updates. Inadequate verification of data reliability (CWE-345) - CVE-2015-2865. A keyboard function that uses the Swiftkey SDK is preinstalled on Samsung Galaxy S devices. This keyboard function is signed by Samsung and operates with system privileges. It regularly checks for language pack updates, and the check is done via HTTP. If the contents of the communication are altered by a man-in-the-middle attack, this may be abused to write arbitrary data to the device. CWE-345: Insufficient Verification of Data Authenticity http://cwe.mitre.org/data/definitions/345.html

A remote third party may be able to write arbitrary data to the device through a man-in-the-middle attack. However, considering the frequency of update checks by Swiftkey, it is unlikely that such an attack is possible.

Samsung Galaxy is Samsung's mid- to high-end smartphone product line. To the affected device. Samsung Galaxy S Phones are prone to a security-bypass vulnerability. Other attacks are also possible.

Note: This BID is being retired as CVE-2015-2865 (Samsung Galaxy S Phones CVE-2015-2865 Man in The Middle Security Bypass Vulnerability) is rejected and split into two issues.

The following individual records exist to better document the issues:
- 75347 SwiftKey CVE-2015-4640 Man in The Middle Security Bypass Vulnerability
- 75353 SwiftKey CVE-2015-4641 Directory Traversal Vulnerability
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201506-0113",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "samsung",
"version": null
},
{
"model": "galaxy s4",
"scope": null,
"trust": 0.8,
"vendor": "samsung",
"version": null
},
{
"model": "galaxy s4 mini",
"scope": null,
"trust": 0.8,
"vendor": "samsung",
"version": null
},
{
"model": "galaxy s5",
"scope": null,
"trust": 0.8,
"vendor": "samsung",
"version": null
},
{
"model": "galaxy s6",
"scope": null,
"trust": 0.8,
"vendor": "samsung",
"version": null
},
{
"model": "galaxy s phones",
"scope": null,
"trust": 0.6,
"vendor": "samsung",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#155412"
},
{
"db": "CNVD",
"id": "CNVD-2015-03953"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003171"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:samsung:galaxy_s4",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:samsung:galaxy_s4_mini",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:samsung:galaxy_s5",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:samsung:galaxy_s6",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003171"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ted Eull of NowSecure",
"sources": [
{
"db": "BID",
"id": "75229"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-449"
}
],
"trust": 0.9
},
"cve": "CVE-2015-2865",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.5,
"id": "CNVD-2015-03953",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:M/Au:N/C:N/I:C/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2015-03953",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03953"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-4640, CVE-2015-4641. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2015-4640 and CVE-2015-4641 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage. ** Delete ** This case CVE-2015-4640 and CWE-2015-4641 It was deleted after being divided into. CVE-2015-4640 and CWE-2015-4641 Please refer to. Samsung Galaxy S Pre-installed on the Swiftkey SDK There is a vulnerability in the keyboard function using, which does not correctly verify language pack updates. Inadequate verification of data reliability (CWE-345) - CVE-2015-2865 Samsung Galaxy S In Swiftkey SDK The keyboard function using is preinstalled. This keyboard function Samsung It is signed and operates with system privileges. This keyboard function regularly checks for language pack updates, HTTP Is done via. If the contents of communication are altered by a man-in-the-middle attack, there is a possibility that it may be abused to write arbitrary data to the device. CWE-345: Insufficient Verification of Data Authenticity http://cwe.mitre.org/data/definitions/345.htmlIntermediary by a remote third party (man-in-the-middle) An arbitrary data may be written to the device by the attack. However, Swiftkey Considering the frequency of update checks by, it is unlikely that such an attack is possible. Samsung Galaxy is Samsung\u0027s mid- to high-end smartphone product line. To the affected device. Samsung Galaxy S Phones are prone to a security-bypass vulnerability. Other attacks are also possible. \nNote: This BID is being retired as CVE-2015-2865 (Samsung Galaxy S Phones CVE-2015-2865 Man in The Middle Security Bypass Vulnerability) is rejected and split into two issues. 
The following individual records exist to better document the issues:\n75347 SwiftKey CVE-2015-4640 Man in The Middle Security Bypass Vulnerability\n75353 SwiftKey CVE-2015-4641 Directory Traversal Vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2865"
},
{
"db": "CERT/CC",
"id": "VU#155412"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003171"
},
{
"db": "CNVD",
"id": "CNVD-2015-03953"
},
{
"db": "BID",
"id": "75229"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-2865",
"trust": 3.0
},
{
"db": "CERT/CC",
"id": "VU#155412",
"trust": 2.2
},
{
"db": "BID",
"id": "75229",
"trust": 1.5
},
{
"db": "JVN",
"id": "JVNVU94598171",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003171",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-03953",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201506-449",
"trust": 0.6
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#155412"
},
{
"db": "CNVD",
"id": "CNVD-2015-03953"
},
{
"db": "BID",
"id": "75229"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003171"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-449"
},
{
"db": "NVD",
"id": "CVE-2015-2865"
}
]
},
"id": "VAR-201506-0113",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03953"
}
],
"trust": 1.27860278
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03953"
}
]
},
"last_update_date": "2024-08-14T13:34:00.661000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Information Regarding the Keyboard Security Issue and Our Device Policy Update",
"trust": 0.8,
"url": "http://global.samsungtomorrow.com/information-regarding-the-keyboard-security-issue-and-our-device-policy-update/"
},
{
"title": "Is my Samsung device open to a security hack or vulnerability through the keyboard?",
"trust": 0.8,
"url": "https://support.swiftkey.com/hc/en-us/articles/203483421"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003171"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.4,
"url": "http://www.kb.cert.org/vuls/id/155412"
},
{
"trust": 0.8,
"url": "https://www.nowsecure.com/blog/2015/06/23/on-detecting-and-preventing-the-samsung-ime-keyboard-swiftkey-language-pack-update-vulnerability/"
},
{
"trust": 0.8,
"url": "https://www.nowsecure.com/blog/2015/06/16/remote-code-execution-as-system-user-on-samsung-phones/"
},
{
"trust": 0.8,
"url": "http://global.samsungtomorrow.com/information-regarding-the-keyboard-security-issue-and-our-device-policy-update/"
},
{
"trust": 0.8,
"url": "http://swiftkey.com/en/blog/samsung-keyboard-security-vulnerability-swiftkey/"
},
{
"trust": 0.8,
"url": "http://arstechnica.com/security/2015/06/new-exploit-turns-samsung-galaxy-phones-into-remote-bugging-devices/"
},
{
"trust": 0.8,
"url": "https://www.blackhat.com/ldn-15/summit.html#abusing-android-apps-and-gaining-remote-code-execution"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/300.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2865"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94598171/index.html"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/75229"
},
{
"trust": 0.3,
"url": "http://www.samsung.com/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#155412"
},
{
"db": "CNVD",
"id": "CNVD-2015-03953"
},
{
"db": "BID",
"id": "75229"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003171"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-449"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#155412"
},
{
"db": "CNVD",
"id": "CNVD-2015-03953"
},
{
"db": "BID",
"id": "75229"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003171"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-449"
},
{
"db": "NVD",
"id": "CVE-2015-2865"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-16T00:00:00",
"db": "CERT/CC",
"id": "VU#155412"
},
{
"date": "2015-06-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-03953"
},
{
"date": "2015-06-17T00:00:00",
"db": "BID",
"id": "75229"
},
{
"date": "2015-06-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003171"
},
{
"date": "2015-06-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-449"
},
{
"date": "2015-06-19T14:59:01.287000",
"db": "NVD",
"id": "CVE-2015-2865"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-25T00:00:00",
"db": "CERT/CC",
"id": "VU#155412"
},
{
"date": "2015-06-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-03953"
},
{
"date": "2015-07-15T00:41:00",
"db": "BID",
"id": "75229"
},
{
"date": "2015-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003171"
},
{
"date": "2015-06-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-449"
},
{
"date": "2023-11-07T02:25:26.910000",
"db": "NVD",
"id": "CVE-2015-2865"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-449"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Samsung Galaxy S phones fail to properly validate SwiftKey language pack updates",
"sources": [
{
"db": "CERT/CC",
"id": "VU#155412"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-449"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.