CVE-2015-6611

mediaserver in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs 23905951, 23912202, 23953967, 23696300, 23600291, 23756261, 23541506, 23284974, 23542351, and 23542352, a different vulnerability than CVE-2015-8074.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securitytracker.com/id/1034049	Third Party Advisory VDB Entry
https://groups.google.com/forum/message/raw?msg=android-security-updates/n1aw2MGce4E/jhpVEWDUCAAJ	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:google:android::::::::
	cpe:2.3:o:google:android:6.0:::::::*

History

No history.

Information

Published : 2015-11-03 11:59

Updated : 2024-02-04 18:53

NVD link : CVE-2015-6611

Mitre link : CVE-2015-6611

CVE.ORG link : CVE-2015-6611

JSON object : View

Products Affected

google

android

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2015-6611", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-11-03T11:59:04.127", "references": [{"url": "http://www.securitytracker.com/id/1034049", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@android.com"}, {"url": "https://groups.google.com/forum/message/raw?msg=android-security-updates/n1aw2MGce4E/jhpVEWDUCAAJ", "tags": ["Vendor Advisory"], "source": "security@android.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "mediaserver in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs 23905951, 23912202, 23953967, 23696300, 23600291, 23756261, 23541506, 23284974, 23542351, and 23542352, a different vulnerability than CVE-2015-8074."}, {"lang": "es", "value": "mediaserver en Android en versiones anteriores a 5.1.1 LMY48X y 6.0 en versiones anteriores a 2015-11-01 permite a atacantes remotos obtener informaci\u00f3n sensible, y consecuentemente eludir un mecanismo de protecci\u00f3n no especificado, a trav\u00e9s de vectores desconocidos, tambi\u00e9n conocido como errores internos 23905951, 23912202, 23953967, 23696300, 23600291, 23756261, 23541506, 23284974, 23542351 y 23542352, una vulnerabilidad diferente a CVE-2015-8074."}], "lastModified": "2019-02-12T18:53:02.887", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E16A4D73-9C27-4BB3-A5EC-0090BCB54A1C", "versionEndExcluding": "5.1.1", "versionStartIncluding": "5.0"}, {"criteria": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E70C6D8D-C9C3-4D92-8DFC-71F59E068295"}], "operator": "OR"}]}], "sourceIdentifier": "security@android.com"}