VAR-201506-0179
Vulnerability from variot - Updated: 2023-12-18 12:07The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attackers to write to language-pack files by modifying an HTTP response. NOTE: CVE-2015-4640 exploitation can be combined with CVE-2015-4641 exploitation for man-in-the-middle code execution. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. http://cwe.mitre.org/data/definitions/254.htmlMan-in-the-middle attacks (man-in-the-middle attack) By HTTP If the response is changed, it may be written to the language pack file. Samsung Galaxy S4 and so on are all smart mobile devices released by South Korea's Samsung. There are security vulnerabilities in the implementation of the SwiftKey language-pack upgrade for several Samsung Galaxy devices. Since the program uses HTTP to connect to the skslm.swiftkey.net server. SwiftKey is prone to a security-bypass vulnerability. Other attacks are also possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201506-0179",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "galaxy s4",
"scope": null,
"trust": 1.4,
"vendor": "samsung",
"version": null
},
{
"model": "galaxy s5",
"scope": null,
"trust": 1.4,
"vendor": "samsung",
"version": null
},
{
"model": "galaxy s4 mini",
"scope": null,
"trust": 1.4,
"vendor": "samsung",
"version": null
},
{
"model": "galaxy s6",
"scope": null,
"trust": 1.4,
"vendor": "samsung",
"version": null
},
{
"model": "sdk",
"scope": null,
"trust": 1.4,
"vendor": "swiftkey",
"version": null
},
{
"model": "sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "swiftkey",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "samsung",
"version": null
},
{
"model": "sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "swiftkey",
"version": "0"
},
{
"model": "galaxy s6",
"scope": "eq",
"trust": 0.3,
"vendor": "samsung",
"version": "0"
},
{
"model": "galaxy s5",
"scope": "eq",
"trust": 0.3,
"vendor": "samsung",
"version": "0"
},
{
"model": "galaxy s4 mini",
"scope": "eq",
"trust": 0.3,
"vendor": "samsung",
"version": "0"
},
{
"model": "galaxy s4",
"scope": "eq",
"trust": 0.3,
"vendor": "samsung",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#155412"
},
{
"db": "CNVD",
"id": "CNVD-2015-04020"
},
{
"db": "BID",
"id": "75347"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003229"
},
{
"db": "NVD",
"id": "CVE-2015-4640"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-340"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:swiftkey:swiftkey_sdk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:samsung:galaxy_s4:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:samsung:galaxy_s4_mini:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:samsung:galaxy_s5:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:samsung:galaxy_s6:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4640"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ryan Welton and Ted Eull of NowSecure",
"sources": [
{
"db": "BID",
"id": "75347"
}
],
"trust": 0.3
},
"cve": "CVE-2015-4640",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.5,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.9,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-4640",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.5,
"id": "CNVD-2015-04020",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:M/Au:N/C:N/I:C/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-4640",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2015-04020",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201506-340",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04020"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003229"
},
{
"db": "NVD",
"id": "CVE-2015-4640"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-340"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attackers to write to language-pack files by modifying an HTTP response. NOTE: CVE-2015-4640 exploitation can be combined with CVE-2015-4641 exploitation for man-in-the-middle code execution. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. http://cwe.mitre.org/data/definitions/254.htmlMan-in-the-middle attacks (man-in-the-middle attack) By HTTP If the response is changed, it may be written to the language pack file. Samsung Galaxy S4 and so on are all smart mobile devices released by South Korea\u0027s Samsung. There are security vulnerabilities in the implementation of the SwiftKey language-pack upgrade for several Samsung Galaxy devices. Since the program uses HTTP to connect to the skslm.swiftkey.net server. SwiftKey is prone to a security-bypass vulnerability. Other attacks are also possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4640"
},
{
"db": "CERT/CC",
"id": "VU#155412"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003229"
},
{
"db": "CNVD",
"id": "CNVD-2015-04020"
},
{
"db": "BID",
"id": "75347"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#155412",
"trust": 3.8
},
{
"db": "NVD",
"id": "CVE-2015-4640",
"trust": 3.3
},
{
"db": "BID",
"id": "75347",
"trust": 1.3
},
{
"db": "JVN",
"id": "JVNVU94598171",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003229",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-04020",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201506-340",
"trust": 0.6
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#155412"
},
{
"db": "CNVD",
"id": "CNVD-2015-04020"
},
{
"db": "BID",
"id": "75347"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003229"
},
{
"db": "NVD",
"id": "CVE-2015-4640"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-340"
}
]
},
"id": "VAR-201506-0179",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04020"
}
],
"trust": 1.11790417
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04020"
}
]
},
"last_update_date": "2023-12-18T12:07:17.090000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Information Regarding the Keyboard Security Issue and Our Device Policy Update",
"trust": 0.8,
"url": "http://global.samsungtomorrow.com/information-regarding-the-keyboard-security-issue-and-our-device-policy-update/"
},
{
"title": "Is my Samsung device open to a security hack or vulnerability through the keyboard?",
"trust": 0.8,
"url": "https://support.swiftkey.com/hc/en-us/articles/203483421"
},
{
"title": "Patches for multiple Samsung Galaxy device man-in-the-middle attacks",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/60051"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04020"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003229"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-254",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003229"
},
{
"db": "NVD",
"id": "CVE-2015-4640"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "https://www.nowsecure.com/blog/2015/06/16/remote-code-execution-as-system-user-on-samsung-phones/"
},
{
"trust": 3.3,
"url": "https://www.nowsecure.com/keyboard-vulnerability/"
},
{
"trust": 3.0,
"url": "http://www.kb.cert.org/vuls/id/155412"
},
{
"trust": 2.4,
"url": "http://arstechnica.com/security/2015/06/new-exploit-turns-samsung-galaxy-phones-into-remote-bugging-devices/"
},
{
"trust": 1.6,
"url": "https://github.com/nowsecure/samsung-ime-rce-poc/"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/75347"
},
{
"trust": 0.8,
"url": "https://www.nowsecure.com/blog/2015/06/23/on-detecting-and-preventing-the-samsung-ime-keyboard-swiftkey-language-pack-update-vulnerability/"
},
{
"trust": 0.8,
"url": "http://global.samsungtomorrow.com/information-regarding-the-keyboard-security-issue-and-our-device-policy-update/"
},
{
"trust": 0.8,
"url": "http://swiftkey.com/en/blog/samsung-keyboard-security-vulnerability-swiftkey/"
},
{
"trust": 0.8,
"url": "https://www.blackhat.com/ldn-15/summit.html#abusing-android-apps-and-gaining-remote-code-execution"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/300.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4640"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94598171/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4640"
},
{
"trust": 0.3,
"url": "http://www.samsung.com/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#155412"
},
{
"db": "CNVD",
"id": "CNVD-2015-04020"
},
{
"db": "BID",
"id": "75347"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003229"
},
{
"db": "NVD",
"id": "CVE-2015-4640"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-340"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#155412"
},
{
"db": "CNVD",
"id": "CNVD-2015-04020"
},
{
"db": "BID",
"id": "75347"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003229"
},
{
"db": "NVD",
"id": "CVE-2015-4640"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-340"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-16T00:00:00",
"db": "CERT/CC",
"id": "VU#155412"
},
{
"date": "2015-06-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04020"
},
{
"date": "2015-06-19T00:00:00",
"db": "BID",
"id": "75347"
},
{
"date": "2015-06-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003229"
},
{
"date": "2015-06-19T14:59:01.347000",
"db": "NVD",
"id": "CVE-2015-4640"
},
{
"date": "2015-06-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-340"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-25T00:00:00",
"db": "CERT/CC",
"id": "VU#155412"
},
{
"date": "2015-06-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04020"
},
{
"date": "2015-06-19T00:00:00",
"db": "BID",
"id": "75347"
},
{
"date": "2015-07-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003229"
},
{
"date": "2016-12-07T18:13:37.027000",
"db": "NVD",
"id": "CVE-2015-4640"
},
{
"date": "2015-06-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-340"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-340"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Samsung Galaxy S phones fail to properly validate SwiftKey language pack updates",
"sources": [
{
"db": "CERT/CC",
"id": "VU#155412"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "75347"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…