VAR-201510-0742
Vulnerability from variot - Updated: 2022-05-17 01:45

Long Term Evolution (LTE), a communication network for mobile terminals, has spread around the world in recent years. All of these LTE networks use an IP packet-switched system instead of the earlier circuit-switched system. This change allows attacks that were not possible in the past. At present, some LTE networks and mobile application implementations have multiple issues that can lead to privacy violations, unauthorized charges, and spoofing.

Current LTE networks use packet switching instead of the circuit switching of the previous generation. The use of packet switching and IP protocols, especially the Session Initiation Protocol (SIP), allows new types of attack techniques that were not possible with previous generations. These attack techniques are well known in the security world; see, for example, past attacks against Voice over IP (VoIP). Security researchers investigating several LTE networks discovered the following vulnerabilities. Note that LTE network implementations vary from carrier to carrier, and not all of these vulnerabilities exist on every LTE network.

Improper access rights to sensitive information (CWE-732): The Android OS permission model does not match the way LTE networks are used. An application that has only the INTERNET permission, without the CALL_PHONE permission, can make a call by sending SIP/IP packets, and the user is not notified. If such calls are made continuously, this could lead to excessive billing and denial of service (DoS). Apple reports that iOS is not affected by this issue.
CWE-732: Incorrect Permission Assignment for Critical Resource http://cwe.mitre.org/data/definitions/732.html

Improper access control (CWE-284): In some networks, two mobile phones can establish a session directly with each other (peer to peer), making communication outside the control of the SIP server possible. These communications are not charged by the provider. Such communications could be used for spoofing phone numbers or for video calls over free data.
CWE-284: Improper Access Control http://cwe.mitre.org/data/definitions/284.html

Insufficient authentication (CWE-287): In some networks, SIP messages are not properly authenticated. This can lead to spoofing of phone numbers.
CWE-287: Improper Authentication http://cwe.mitre.org/data/definitions/287.html

Session fixation (CWE-384): In some networks, it is possible to establish SIP sessions without being limited to one voice session per user. As a result, a denial-of-service (DoS) attack that interrupts operation of the communication network is possible. It can also be used by attackers to establish peer-to-peer communication.
CWE-384: Session Fixation http://cwe.mitre.org/data/definitions/384.html

Each provider's LTE network implementation may be affected by one or more of these issues. For more information, refer to the paper by Kim et al. presented at ACM CCS 2015, "Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-Implementations".
ACM CCS 2015 http://www.sigsac.org/ccs/CCS2015/pro_paper.html
Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-Implementations http://dl.acm.org/citation.cfm?id=2813718

An attacker using the network could establish peer-to-peer communication to obtain data from other terminals or spoof a telephone number. Also, malicious Android applications may make calls without the terminal user's knowledge.

1. Authentication bypass vulnerability
2. Security bypass vulnerability
3. Session fixation vulnerability

Attackers can use these vulnerabilities to gain unauthorized access, bypass authentication mechanisms, inject arbitrary sessions, or gain access to sensitive information. Multiple security-bypass vulnerabilities 3
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201510-0742",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple vendors",
"version": null
},
{
"model": "long term evolution",
"scope": null,
"trust": 0.6,
"vendor": "3gpp",
"version": null
},
{
"model": "term evolution long term evolution",
"scope": "eq",
"trust": 0.3,
"vendor": "long",
"version": "0"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#943167"
},
{
"db": "CNVD",
"id": "CNVD-2015-07638"
},
{
"db": "BID",
"id": "77409"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005381"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:misc:multiple_vendors",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005381"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hongil Kim, Dongkwan Kim, Minhee Kwon, Hyungseok Han, Yeongjin Jang, Dongsu Han, Taesoo Kim, and Yongdae Kim",
"sources": [
{
"db": "BID",
"id": "77409"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-070"
}
],
"trust": 0.9
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2015-005381",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-07638",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2015-005381",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-07638",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07638"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005381"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Communication network for mobile terminals Long Term Evolution (LTE) Has spread around the world in recent years. these LTE All communication networks IP It uses a packet-switched system instead of the circuit-switched system as before. This change in method allows for attacks that were not possible in the past. LTE At present, some networks and mobile application implementations have multiple issues that can lead to privacy violations, unauthorized charges, and spoofing. Current LTE The communication network uses packet switching instead of the previous generation circuit switching. Packet switching and IP Protocols, especially Session Initiation Protocol (SIP) The use of allows new types of attack techniques that were not possible with previous generations. These attack techniques are well known in the security world. For example, Voice over IP (VoIP) See past attacks against. Several LTE As a result of security researchers investigating communication networks, the following vulnerabilities were discovered. LTE Communication network implementations vary from carrier to carrier, and all of these vulnerabilities are LTE Note that it does not exist on the network. Improper access rights to sensitive information (CW-732) Android OS The permission model of LTE It does not match the usage of the communication network. CALL_PHONE Even without permissions, INTERNET If you only have permissions, SIP/IP You can make a call by sending a packet, and you will not be notified. Such calls are made continuously, resulting in excessive billing and denial of service. (DoS) Could lead to CWE-732: Incorrect Permission Assignment for Critical Resource http://cwe.mitre.org/data/definitions/732.html Apple Is iOS Reports that it is not affected by this issue. Improper access control (CWE-284) In some networks, 2 Between two mobile phones ( peer to peer ) Establish a session directly with SIP Communication outside the control of the server is possible. 
These communications are not charged by the provider. Such communications could be used for spoofing phone numbers or for video calls over free data. CWE-284: Improper Access Control http://cwe.mitre.org/data/definitions/284.html Insufficient certification (CWE-287) In some networks, SIP The message is not properly authenticated. This can lead to spoofing of phone numbers. CWE-287: Improper Authentication http://cwe.mitre.org/data/definitions/287.html Session fixation (CWE-384) In some networks, 1 Voice communication per user 1 Not limited to sessions SIP It is possible to establish a session. As a result, service operation interruption to the communication network (DoS) Attack is possible. It can also be used by attackers to establish peer-to-peer communication. CWE-384: Session Fixation http://cwe.mitre.org/data/definitions/384.html Each provider\u0027s communication network LTE The implementation of may be affected by one or more of these issues. For more information, ACM CCS 2015 Announced at Kim Papers by the authors \"Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-Implementations\" Please refer to. ACM CCS 2015 http://www.sigsac.org/ccs/CCS2015/pro_paper.html Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-Implementations http://dl.acm.org/citation.cfm?id=2813718An attacker using the network could establish peer-to-peer communication to obtain data from other terminals or spoof a telephone number. Also, malicious Android Applications may make calls without the terminal user\u0027s knowledge. Authentication bypass vulnerability 2. Security bypass vulnerability 3. Session fixation vulnerability. Attackers can use these vulnerabilities to gain unauthorized access, bypass authentication mechanisms, inject arbitrary sessions, or gain access to sensitive information. Multiple security-bypass vulnerabilities\n3",
"sources": [
{
"db": "CERT/CC",
"id": "VU#943167"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005381"
},
{
"db": "CNVD",
"id": "CNVD-2015-07638"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-070"
},
{
"db": "BID",
"id": "77409"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#943167",
"trust": 1.9
},
{
"db": "BID",
"id": "77409",
"trust": 1.5
},
{
"db": "JVN",
"id": "JVNVU93463833",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005381",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-07638",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201511-070",
"trust": 0.6
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#943167"
},
{
"db": "CNVD",
"id": "CNVD-2015-07638"
},
{
"db": "BID",
"id": "77409"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005381"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-070"
}
]
},
"id": "VAR-201510-0742",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07638"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07638"
}
]
},
"last_update_date": "2022-05-17T01:45:19.913000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-Other",
"trust": 0.8
},
{
"problemtype": "CWE-287",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005381"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://dl.acm.org/citation.cfm?id=2813718"
},
{
"trust": 1.6,
"url": "http://www.sigsac.org/ccs/ccs2015/pro_paper.html"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/77409"
},
{
"trust": 1.1,
"url": "http://www.kb.cert.org/vuls/id/943167"
},
{
"trust": 0.8,
"url": "https://sslab.gtisc.gatech.edu/pages/publications.html#/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93463833/"
},
{
"trust": 0.8,
"url": "https://sslab.gtisc.gatech.edu/pages/publications.html#kim:volte"
},
{
"trust": 0.3,
"url": "http://www.3gpp.org/technologies/keywords-acronyms/98-lte"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#943167"
},
{
"db": "CNVD",
"id": "CNVD-2015-07638"
},
{
"db": "BID",
"id": "77409"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005381"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-070"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#943167"
},
{
"db": "CNVD",
"id": "CNVD-2015-07638"
},
{
"db": "BID",
"id": "77409"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005381"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-070"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-10-16T00:00:00",
"db": "CERT/CC",
"id": "VU#943167"
},
{
"date": "2015-11-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07638"
},
{
"date": "2015-10-20T00:00:00",
"db": "BID",
"id": "77409"
},
{
"date": "2015-10-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005381"
},
{
"date": "2015-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-070"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-10-20T00:00:00",
"db": "CERT/CC",
"id": "VU#943167"
},
{
"date": "2015-11-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07638"
},
{
"date": "2015-10-20T00:00:00",
"db": "BID",
"id": "77409"
},
{
"date": "2015-10-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005381"
},
{
"date": "2015-11-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-070"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-070"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Voice over LTE implementations contain multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#943167"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-070"
}
],
"trust": 0.6
}
}