2.1

CVE-2009-0368

Exploit

EPSS 0.31%
Published 02.03.2009 22:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program.

Affected products Warnungen 0 Metrics 2 CWE 0 References 18

Data is provided by the National Vulnerability Database (NVD)

Opensc-project ≫ Opensc Version <= 0.11.6

Opensc-project ≫ Opensc Version0.3.2

Opensc-project ≫ Opensc Version0.3.5

Opensc-project ≫ Opensc Version0.4.0

Opensc-project ≫ Opensc Version0.5.0

Opensc-project ≫ Opensc Version0.6.0

Opensc-project ≫ Opensc Version0.6.1

Opensc-project ≫ Opensc Version0.7.0

Opensc-project ≫ Opensc Version0.8

Opensc-project ≫ Opensc Version0.8.0

Opensc-project ≫ Opensc Version0.8.0.0

Opensc-project ≫ Opensc Version0.8.1

Opensc-project ≫ Opensc Version0.9

Opensc-project ≫ Opensc Version0.9.2

Opensc-project ≫ Opensc Version0.9.3

Opensc-project ≫ Opensc Version0.9.4

Opensc-project ≫ Opensc Version0.9.5

Opensc-project ≫ Opensc Version0.9.6

Opensc-project ≫ Opensc Version0.9.7

Opensc-project ≫ Opensc Version0.9.7 Updateb

Opensc-project ≫ Opensc Version0.9.7 Updated

Opensc-project ≫ Opensc Version0.9.8

Opensc-project ≫ Opensc Version0.10.0

Opensc-project ≫ Opensc Version0.10.1

Opensc-project ≫ Opensc Version0.11.0

Opensc-project ≫ Opensc Version0.11.1

Opensc-project ≫ Opensc Version0.11.2

Opensc-project ≫ Opensc Version0.11.3

Opensc-project ≫ Opensc Version0.11.3 Updatepre3

Opensc-project ≫ Opensc Version0.11.4

Opensc-project ≫ Opensc Version0.11.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.31%	0.536

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

http://secunia.com/advisories/35065

http://secunia.com/advisories/34362

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html

http://openwall.com/lists/oss-security/2009/02/26/1

Patch

http://secunia.com/advisories/34052

Vendor Advisory

http://secunia.com/advisories/34120

http://secunia.com/advisories/34377

http://secunia.com/advisories/36074

http://security.gentoo.org/glsa/glsa-200908-01.xml

http://www.debian.org/security/2009/dsa-1734

http://www.opensc-project.org/pipermail/opensc-announce/2009-February/000023.html

Vendor Advisory

http://www.securityfocus.com/bid/33922

Patch

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/48958

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00673.html

https://nvd.nist.gov/vuln/detail/CVE-2009-0368

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-0368

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-0368

EUVD