VAR-201412-0590
Vulnerability from variot - Updated: 2023-12-18 12:51FUJITSU F-12C, ARROWS Tab LTE F-01D, ARROWS Kiss F-03D, and REGZA Phone T-01D for Android allows local users to execute arbitrary commands via unspecified vectors. Multiple FUJITSU Android devices contain an OS command injection vulnerability. Masaaki Chida of GREE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker with local access may obtain root privileges and execute arbitrary OS commands. Fujitsu is the world's leading provider of ICT integrated services for industry solutions for the global market
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201412-0590",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "regza phone t-01d",
"scope": "eq",
"trust": 1.6,
"vendor": "fujitsu",
"version": null
},
{
"model": "arrows tab lte f-01d",
"scope": "eq",
"trust": 1.6,
"vendor": "fujitsu",
"version": null
},
{
"model": "arrows kiss f-03d",
"scope": "eq",
"trust": 1.6,
"vendor": "fujitsu",
"version": null
},
{
"model": "f-12c",
"scope": "eq",
"trust": 1.6,
"vendor": "fujitsu",
"version": null
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple venders",
"version": null
},
{
"model": "f-12c",
"scope": null,
"trust": 0.6,
"vendor": "fujitsu",
"version": null
},
{
"model": "arrows tab lte f-01d",
"scope": null,
"trust": 0.6,
"vendor": "fujitsu",
"version": null
},
{
"model": "regza phone t-01d",
"scope": null,
"trust": 0.6,
"vendor": "fujitsu",
"version": null
},
{
"model": "arrows kiss f-03d",
"scope": null,
"trust": 0.6,
"vendor": "fujitsu",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08713"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000138"
},
{
"db": "NVD",
"id": "CVE-2014-7253"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-130"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujitsu:arrows_tab_lte_f-01d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:fujitsu:arrows_kiss_f-03d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:fujitsu:regza_phone_t-01d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:fujitsu:f-12c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-7253"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Masaaki Chida of GREE",
"sources": [
{
"db": "BID",
"id": "71414"
}
],
"trust": 0.3
},
"cve": "CVE-2014-7253",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Local",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 6.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2014-000138",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.9,
"id": "CNVD-2014-08713",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-7253",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2014-000138",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-08713",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201412-130",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08713"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000138"
},
{
"db": "NVD",
"id": "CVE-2014-7253"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-130"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FUJITSU F-12C, ARROWS Tab LTE F-01D, ARROWS Kiss F-03D, and REGZA Phone T-01D for Android allows local users to execute arbitrary commands via unspecified vectors. Multiple FUJITSU Android devices contain an OS command injection vulnerability. Masaaki Chida of GREE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker with local access may obtain root privileges and execute arbitrary OS commands. Fujitsu is the world\u0027s leading provider of ICT integrated services for industry solutions for the global market",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-7253"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000138"
},
{
"db": "CNVD",
"id": "CNVD-2014-08713"
},
{
"db": "BID",
"id": "71414"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-7253",
"trust": 3.3
},
{
"db": "JVN",
"id": "JVN06302787",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000138",
"trust": 2.4
},
{
"db": "BID",
"id": "71414",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-08713",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201412-130",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08713"
},
{
"db": "BID",
"id": "71414"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000138"
},
{
"db": "NVD",
"id": "CVE-2014-7253"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-130"
}
]
},
"id": "VAR-201412-0590",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08713"
}
],
"trust": 1.1208333499999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08713"
}
]
},
"last_update_date": "2023-12-18T12:51:48.294000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Information from NTT DOCOMO, INC.",
"trust": 0.8,
"url": "http://jvn.jp/en/jp/jvn06302787/995312/index.html"
},
{
"title": "Patches for Unknown OS Command Injection Vulnerabilities in Multiple FUJITSU Products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/52411"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08713"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000138"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-000138"
},
{
"db": "NVD",
"id": "CVE-2014-7253"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://jvn.jp/en/jp/jvn06302787/index.html"
},
{
"trust": 1.6,
"url": "http://jvn.jp/en/jp/jvn06302787/995312/index.html"
},
{
"trust": 1.6,
"url": "http://jvndb.jvn.jp/ja/contents/2014/jvndb-2014-000138.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7253"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7253"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/71414"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08713"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000138"
},
{
"db": "NVD",
"id": "CVE-2014-7253"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-130"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-08713"
},
{
"db": "BID",
"id": "71414"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000138"
},
{
"db": "NVD",
"id": "CVE-2014-7253"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-130"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-08713"
},
{
"date": "2014-12-02T00:00:00",
"db": "BID",
"id": "71414"
},
{
"date": "2014-12-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-000138"
},
{
"date": "2014-12-05T17:59:02.103000",
"db": "NVD",
"id": "CVE-2014-7253"
},
{
"date": "2014-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-130"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-08713"
},
{
"date": "2014-12-02T00:00:00",
"db": "BID",
"id": "71414"
},
{
"date": "2014-12-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-000138"
},
{
"date": "2014-12-08T13:54:39.737000",
"db": "NVD",
"id": "CVE-2014-7253"
},
{
"date": "2014-12-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-130"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "71414"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-130"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OS command injection vulnerability in multiple FUJITSU Android devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-000138"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-130"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…