3.3

CVE-2014-8610

Exploit
AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or trigger additional per-message charges from a network operator for old messages, via a crafted application that broadcasts an intent with the com.android.mms.transaction.MESSAGE_SENT action, aka Bug 17671795.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleAndroid Version <= 4.4.4
GoogleAndroid Version1.0
GoogleAndroid Version1.1
GoogleAndroid Version1.5
GoogleAndroid Version1.6
GoogleAndroid Version2.0
GoogleAndroid Version2.0.1
GoogleAndroid Version2.1
GoogleAndroid Version2.2
GoogleAndroid Version2.2 Updaterev1
GoogleAndroid Version2.2.1
GoogleAndroid Version2.2.2
GoogleAndroid Version2.2.3
GoogleAndroid Version2.3
GoogleAndroid Version2.3 Updaterev1
GoogleAndroid Version2.3.1
GoogleAndroid Version2.3.2
GoogleAndroid Version2.3.3
GoogleAndroid Version2.3.4
GoogleAndroid Version2.3.5
GoogleAndroid Version2.3.6
GoogleAndroid Version2.3.7
GoogleAndroid Version3.0
GoogleAndroid Version3.1
GoogleAndroid Version3.2
GoogleAndroid Version3.2.1
GoogleAndroid Version3.2.2
GoogleAndroid Version3.2.4
GoogleAndroid Version3.2.6
GoogleAndroid Version4.0
GoogleAndroid Version4.0.1
GoogleAndroid Version4.0.2
GoogleAndroid Version4.0.3
GoogleAndroid Version4.0.4
GoogleAndroid Version4.1
GoogleAndroid Version4.1.2
GoogleAndroid Version4.2
GoogleAndroid Version4.2.1
GoogleAndroid Version4.2.2
GoogleAndroid Version4.3
GoogleAndroid Version4.3.1
GoogleAndroid Version4.4
GoogleAndroid Version4.4.1
GoogleAndroid Version4.4.2
GoogleAndroid Version4.4.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.06% 0.159
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.3 3.4 4.9
AV:L/AC:M/Au:N/C:P/I:P/A:N