CVE-2008-2235

EPSS 0.07%
Veröffentlicht 01.08.2008 14:41:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 18

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Opensc-project ≫ Opensc Version0.3.2

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.3.5

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.4.0

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.6.0

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.6.1

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.7.0

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.8

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.8.0.0

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.8.1

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.9

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.9.6

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.9.7

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.9.7 Updateb

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.9.7 Updated

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.9.8

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.11.0

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.11.1

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.11.2

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.11.3

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.11.3 Updatepre3

Siemens ≫ Cardos Versionm4

Opensc-project ≫ Opensc Version0.11.4

Siemens ≫ Cardos Versionm4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.177

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.9	3.9	6.9	AV:L/AC:L/Au:N/C:N/I:C/A:N

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html

http://secunia.com/advisories/32099

http://secunia.com/advisories/31330

http://secunia.com/advisories/31360

http://secunia.com/advisories/33115

http://secunia.com/advisories/34362

http://security.gentoo.org/glsa/glsa-200812-09.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2008:183

http://www.opensc-project.org/pipermail/opensc-announce/2008-July/000020.html

http://www.opensc-project.org/security.html

http://www.securityfocus.com/bid/30473

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/44140

https://www.debian.org/security/2008/dsa-1627

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html

https://nvd.nist.gov/vuln/detail/CVE-2008-2235

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-2235

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-2235

EUVD