CVE-2008-2235

EPSS 0.07%
Published 01.08.2008 14:41:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.

Affected products Warnungen 0 Metrics 2 CWE 0 References 18

Data is provided by the National Vulnerability Database (NVD)

Opensc-project ≫ Opensc Version0.3.2

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.3.5

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.4.0

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.6.0

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.6.1

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.7.0

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.8

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.8.0.0

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.8.1

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.9

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.9.6

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.9.7

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.9.7 Updateb

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.9.7 Updated

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.9.8

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.11.0

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.11.1

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.11.2

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.11.3

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.11.3 Updatepre3

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.11.4

Siemens ≫ Cardos Versionm4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.177

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.9	3.9	6.9	AV:L/AC:L/Au:N/C:N/I:C/A:N

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html

http://secunia.com/advisories/32099

http://secunia.com/advisories/31330

http://secunia.com/advisories/31360

http://secunia.com/advisories/33115

http://secunia.com/advisories/34362

http://security.gentoo.org/glsa/glsa-200812-09.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2008:183

http://www.opensc-project.org/pipermail/opensc-announce/2008-July/000020.html

http://www.opensc-project.org/security.html

http://www.securityfocus.com/bid/30473

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/44140

https://www.debian.org/security/2008/dsa-1627

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html

https://nvd.nist.gov/vuln/detail/CVE-2008-2235

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-2235

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-2235

EUVD