CVE-2012-2217

{"id": "CVE-2012-2217", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-05-01T14:55:01.673", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0176.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/53187", "source": "cve@mitre.org"}, {"url": "http://www.vsecurity.com/resources/advisory/20120420-1/", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75080", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The HTC IQRD service for Android on the HTC EVO 4G before 4.67.651.3, EVO Design 4G before 2.12.651.5, Shift 4G before 2.77.651.3, EVO 3D before 2.17.651.5, EVO View 4G before 2.23.651.1, Vivid before 3.26.502.56, and Hero does not restrict localhost access to TCP port 2479, which allows remote attackers to (1) send SMS messages, (2) obtain the Network Access Identifier (NAI) and its password, or trigger (3) popup messages or (4) tones via a crafted application that leverages the android.permission.INTERNET permission."}, {"lang": "es", "value": "El servicio HTC IQRD para Android en HTC EVO 4G antes de v4.67.651.3, EVO Design 4G antes de v2.12.651.5, Shift 4G antes de v2.77.651.3, EVO 3D antes de v2.17.651.5, EVO View 4G antes de v2.23.651.1, Vivid antes de v3.26.502.56, y Hero no restringe el acceso a localhost en el puerto TCP 2479, lo que permite a atacantes remotos (1) enviar mensajes SMS, (2) obtener el identificador de acceso a la red (NAI) y su contrase\u00f1a, o lanzar (3) mensajes emergentes o (4) tonos a trav\u00e9s de una aplicaci\u00f3n modificada que aprovecha el permiso android.permission.INTERNET."}], "lastModified": "2017-12-14T02:29:02.433", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:htc:evo_4g_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E815F275-7BB3-4E14-92F3-3D52A72CBE7E", "versionEndIncluding": "4.54.651.1"}, {"criteria": "cpe:2.3:a:htc:evo_4g_software:1.32.651.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4654D8F-7355-4141-BD39-0A8ED38F437C"}, {"criteria": "cpe:2.3:a:htc:evo_4g_software:1.47.651.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0662E7B8-A831-4167-BEB9-9DD3CCF9F97F"}, {"criteria": "cpe:2.3:a:htc:evo_4g_software:3.26.651.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A367B3F-5ADC-422B-A032-D82CD50D761F"}, {"criteria": "cpe:2.3:a:htc:evo_4g_software:3.29.651.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B0AA96D-7810-43C3-996F-3BC01B4F6D62"}, {"criteria": "cpe:2.3:a:htc:evo_4g_software:3.30.651.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02E8E505-CCEA-4052-AF9B-C5EF58DBCBD6"}, {"criteria": "cpe:2.3:a:htc:evo_4g_software:3.30.651.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FD9E9AA-3DF7-4787-982F-8A0E651DF94D"}, {"criteria": "cpe:2.3:a:htc:evo_4g_software:3.70.651.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D22BA87-3334-4939-B42E-0B3611E8B862"}, {"criteria": "cpe:2.3:a:htc:evo_4g_software:4.22.651.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2408E95-7BFA-4D58-9FDA-9FF05DB2B5C8"}, {"criteria": "cpe:2.3:a:htc:evo_4g_software:4.24.651.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6179012-8E51-4BFC-9592-BFA6AAE803D2"}, {"criteria": "cpe:2.3:a:htc:evo_4g_software:4.53.651.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BCEC1AC-7CCA-409B-8346-35D9A2251FB6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:htc:evo_4g:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1368A8C3-7F80-4DC4-9ADF-AC69E44CB9FC"}, {"criteria": "cpe:2.3:h:htc:evo_4g:gri40:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF9842B1-3735-48CC-9163-36253B9C5AF6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:htc:evo_design_4g_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7310B73E-B908-4A7D-8495-77454E87BAC6", "versionEndIncluding": "1.19.651.1"}, {"criteria": "cpe:2.3:a:htc:evo_design_4g_software:1.19.651.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A33CE59-A315-4013-BE89-67EA077B7175"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:htc:evo_design_4g:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11B01216-33EC-40A7-9781-2900BCEA15A3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:htc:shift_4g_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2253FDBF-228A-4D3F-ABF9-7AFF03207D99", "versionEndIncluding": "2.76.651.6"}, {"criteria": "cpe:2.3:a:htc:shift_4g_software:1.17.651.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB8920D7-3F96-4D13-BDFC-353E841BBE31"}, {"criteria": "cpe:2.3:a:htc:shift_4g_software:2.75.651.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28DA32A0-818E-4442-B22B-A9BEC5052D96"}, {"criteria": "cpe:2.3:a:htc:shift_4g_software:2.75.651.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4407EE19-DE46-49BC-8CBA-D810B084EAD9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:htc:shift_4g:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2741C50D-A992-49D9-8FC5-A782AE65B0AE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:htc:evo_3d_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8197CEE7-054D-4840-B67C-A25B44068A7D", "versionEndIncluding": "2.08.651.3"}, {"criteria": "cpe:2.3:a:htc:evo_3d_software:1.11.651.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77844462-3FA7-4C46-AFB5-61DD250711AE"}, {"criteria": "cpe:2.3:a:htc:evo_3d_software:1.13.651.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F8636AB-44E1-4135-A13D-975E09812C0E"}, {"criteria": "cpe:2.3:a:htc:evo_3d_software:2.08.651.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "693681CD-E6E7-43D5-BC65-78828BDD4A6C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:htc:evo_3d:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8C77876-DC0F-42CB-B795-0BB5A0A7559A"}, {"criteria": "cpe:2.3:h:htc:evo_3d:gri40:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04CE53C2-E91D-4E99-820A-D06BA1BBAAD3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:htc:evo_view_4g_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DD5920B-2C35-47B7-A54B-05C214556404", "versionEndIncluding": "1.22.651.2"}, {"criteria": "cpe:2.3:a:htc:evo_view_4g_software:1.22.651.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCF81B72-FC57-4979-A44E-CA1BDDE07910"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:htc:evo_view_4g:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDF0CF5D-A1CC-4703-9E93-04C7C8219CD4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:htc:vivid_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91416F0F-82A0-42FA-831C-FF61ADFAE7EF", "versionEndIncluding": "3.26.502"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:htc:vivid:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "977B55E8-22F3-47A9-876D-D0E858118FC3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:htc:hero_software:1.29.651.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7178F17C-1CEF-419F-B7D0-85145807C2BF"}, {"criteria": "cpe:2.3:a:htc:hero_software:1.56.651.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77BAD23A-A63F-47A4-9378-BA45A1327C48"}, {"criteria": "cpe:2.3:a:htc:hero_software:2.27.651.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F01536FC-F034-47F8-951E-26C87B40B311"}, {"criteria": "cpe:2.3:a:htc:hero_software:2.27.651.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FC961A5-EC4B-4D4B-8465-35C2CC104751"}, {"criteria": "cpe:2.3:a:htc:hero_software:2.31.651.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9F56F7E-D65F-4532-8CE1-D434B5BAF8CA"}, {"criteria": "cpe:2.3:a:htc:hero_software:2.32.651.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69E23E10-885D-4D8E-B98C-1007CD8C7AD9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:htc:hero:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "831A21A7-B190-408D-B220-6A5A023725A7"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}