3.3
CVE-2014-8610
- EPSS 0.34%
- Veröffentlicht 15.12.2014 18:59:19
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or trigger additional per-message charges from a network operator for old messages, via a crafted application that broadcasts an intent with the com.android.mms.transaction.MESSAGE_SENT action, aka Bug 17671795.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.34% | 0.258 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.3 | 3.4 | 4.9 |
AV:L/AC:M/Au:N/C:P/I:P/A:N
|
http://packetstormsecurity.com/files/129282/Android-SMS-Resend.html
http://seclists.org/fulldisclosure/2014/Dec/8
http://seclists.org/fulldisclosure/2014/Nov/85
http://xteam.baidu.com/?p=164
https://android.googlesource.com/platform/packages/apps/Mms/+/008d6202fca4002a7dfe333f22377faa73585c67
https://github.com/joswr1ght/drozer-modules/blob/master/whfs/smsdraftsend.py