CVE-2008-5827

The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware automatically installs software upon completing the download of a JAR file, which makes it easier for remote attackers to execute arbitrary code via a crafted URI record in an NDEF tag.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf
http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html
http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf
http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44528

Configurations

Configuration 1 (hide)

cpe:2.3:h:nokia:6131_nfc:05.12:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-01-02 19:30

Updated : 2024-02-28 11:21

NVD link : CVE-2008-5827

Mitre link : CVE-2008-5827

CVE.ORG link : CVE-2008-5827

JSON object : View

Products Affected

nokia

6131_nfc

CWE

CWE-16

Configuration

{"id": "CVE-2008-5827", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2009-01-02T19:30:01.843", "references": [{"url": "http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf", "source": "cve@mitre.org"}, {"url": "http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html", "source": "cve@mitre.org"}, {"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf", "source": "cve@mitre.org"}, {"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44528", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-16"}]}], "descriptions": [{"lang": "en", "value": "The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware automatically installs software upon completing the download of a JAR file, which makes it easier for remote attackers to execute arbitrary code via a crafted URI record in an NDEF tag."}, {"lang": "es", "value": "El tel\u00e9fono Nokia 6131 Near Field Communication (NFC) con firmware v05.12 instala software una vez termina de descargar un fichero con extensi\u00f3n .JAR, lo que produce una forma sencilla para que los atacantes remotos ejecuten c\u00f3digo arbitrario a trav\u00e9s de un registro URI manipulado en la una etiqueta NDEF."}], "lastModified": "2017-08-08T01:33:33.937", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nokia:6131_nfc:05.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EDFC8440-A930-409A-9235-D1DF479E8C1E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}