var-201506-0179
Vulnerability from variot
The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attackers to write to language-pack files by modifying an HTTP response. NOTE: CVE-2015-4640 exploitation can be combined with CVE-2015-4641 exploitation for man-in-the-middle code execution. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. http://cwe.mitre.org/data/definitions/254.htmlMan-in-the-middle attacks (man-in-the-middle attack) By HTTP If the response is changed, it may be written to the language pack file. Samsung Galaxy S4 and so on are all smart mobile devices released by South Korea's Samsung. There are security vulnerabilities in the implementation of the SwiftKey language-pack upgrade for several Samsung Galaxy devices. Since the program uses HTTP to connect to the skslm.swiftkey.net server. SwiftKey is prone to a security-bypass vulnerability. Other attacks are also possible
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201506-0179", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "galaxy s4", scope: null, trust: 1.4, vendor: "samsung", version: null, }, { model: "galaxy s5", scope: null, trust: 1.4, vendor: "samsung", version: null, }, { model: "galaxy s4 mini", scope: null, trust: 1.4, vendor: "samsung", version: null, }, { model: "galaxy s6", scope: null, trust: 1.4, vendor: "samsung", version: null, }, { model: "sdk", scope: null, trust: 1.4, vendor: "swiftkey", version: null, }, { model: "sdk", scope: "eq", trust: 1, vendor: "swiftkey", version: "*", }, { model: null, scope: null, trust: 0.8, vendor: "samsung", version: null, }, { model: "sdk", scope: "eq", trust: 0.3, vendor: "swiftkey", version: "0", }, { model: "galaxy s6", scope: "eq", trust: 0.3, vendor: "samsung", version: "0", }, { model: "galaxy s5", scope: "eq", trust: 0.3, vendor: "samsung", version: "0", }, { model: "galaxy s4 mini", scope: "eq", trust: 0.3, vendor: "samsung", version: "0", }, { model: "galaxy s4", scope: "eq", trust: 0.3, vendor: "samsung", version: "0", }, ], sources: [ { db: "CERT/CC", id: "VU#155412", }, { db: "CNVD", id: "CNVD-2015-04020", }, { db: "BID", id: "75347", }, { db: "JVNDB", id: "JVNDB-2015-003229", }, { db: "NVD", id: "CVE-2015-4640", }, { db: "CNNVD", id: "CNNVD-201506-340", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:swiftkey:swiftkey_sdk:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:samsung:galaxy_s4:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:samsung:galaxy_s4_mini:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:samsung:galaxy_s5:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:samsung:galaxy_s6:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2015-4640", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Ryan Welton and Ted Eull of NowSecure", sources: [ { db: "BID", id: "75347", }, ], trust: 0.3, }, cve: "CVE-2015-4640", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 2.9, confidentialityImpact: "NONE", exploitabilityScore: 5.5, impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "LOW", trust: 1, userInteractionRequired: false, vectorString: "AV:A/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Adjacent Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 2.9, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2015-4640", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Low", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 5.7, confidentialityImpact: "NONE", exploitabilityScore: 5.5, id: "CNVD-2015-04020", impactScore: 6.9, integrityImpact: "COMPLETE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:M/Au:N/C:N/I:C/A:N", version: "2.0", }, ], cvssV3: [], severity: [ { author: "NVD", id: "CVE-2015-4640", trust: 1.8, value: "LOW", }, { author: "CNVD", id: "CNVD-2015-04020", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201506-340", trust: 0.6, value: "LOW", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2015-04020", }, { db: "JVNDB", id: "JVNDB-2015-003229", }, { db: "NVD", id: "CVE-2015-4640", }, { db: "CNNVD", id: "CNNVD-201506-340", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attackers to write to language-pack files by modifying an HTTP response. NOTE: CVE-2015-4640 exploitation can be combined with CVE-2015-4641 exploitation for man-in-the-middle code execution. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. http://cwe.mitre.org/data/definitions/254.htmlMan-in-the-middle attacks (man-in-the-middle attack) By HTTP If the response is changed, it may be written to the language pack file. Samsung Galaxy S4 and so on are all smart mobile devices released by South Korea's Samsung. There are security vulnerabilities in the implementation of the SwiftKey language-pack upgrade for several Samsung Galaxy devices. Since the program uses HTTP to connect to the skslm.swiftkey.net server. SwiftKey is prone to a security-bypass vulnerability. Other attacks are also possible", sources: [ { db: "NVD", id: "CVE-2015-4640", }, { db: "CERT/CC", id: "VU#155412", }, { db: "JVNDB", id: "JVNDB-2015-003229", }, { db: "CNVD", id: "CNVD-2015-04020", }, { db: "BID", id: "75347", }, ], trust: 3.15, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "CERT/CC", id: "VU#155412", trust: 3.8, }, { db: "NVD", id: "CVE-2015-4640", trust: 3.3, }, { db: "BID", id: "75347", trust: 1.3, }, { db: "JVN", id: "JVNVU94598171", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2015-003229", trust: 0.8, }, { db: "CNVD", id: "CNVD-2015-04020", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201506-340", trust: 0.6, }, ], sources: [ { db: "CERT/CC", id: "VU#155412", }, { db: "CNVD", id: "CNVD-2015-04020", }, { db: "BID", id: "75347", }, { db: "JVNDB", id: "JVNDB-2015-003229", }, { db: "NVD", id: "CVE-2015-4640", }, { db: "CNNVD", id: "CNNVD-201506-340", }, ], }, id: "VAR-201506-0179", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2015-04020", }, ], trust: 1.11790417, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2015-04020", }, ], }, last_update_date: "2023-12-18T12:07:17.090000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Information Regarding the Keyboard Security Issue and Our Device Policy Update", trust: 0.8, url: "http://global.samsungtomorrow.com/information-regarding-the-keyboard-security-issue-and-our-device-policy-update/", }, { title: "Is my Samsung device open to a security hack or vulnerability through the keyboard?", trust: 0.8, url: "https://support.swiftkey.com/hc/en-us/articles/203483421", }, { title: "Patches for multiple Samsung Galaxy device man-in-the-middle attacks", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/60051", }, ], sources: [ { db: "CNVD", id: "CNVD-2015-04020", }, { db: "JVNDB", id: "JVNDB-2015-003229", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-254", trust: 1, }, { problemtype: "CWE-Other", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2015-003229", }, { db: "NVD", id: "CVE-2015-4640", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 3.5, url: "https://www.nowsecure.com/blog/2015/06/16/remote-code-execution-as-system-user-on-samsung-phones/", }, { trust: 3.3, url: "https://www.nowsecure.com/keyboard-vulnerability/", }, { trust: 3, url: "http://www.kb.cert.org/vuls/id/155412", }, { trust: 2.4, url: "http://arstechnica.com/security/2015/06/new-exploit-turns-samsung-galaxy-phones-into-remote-bugging-devices/", }, { trust: 1.6, url: "https://github.com/nowsecure/samsung-ime-rce-poc/", }, { trust: 1, url: "http://www.securityfocus.com/bid/75347", }, { trust: 0.8, url: "https://www.nowsecure.com/blog/2015/06/23/on-detecting-and-preventing-the-samsung-ime-keyboard-swiftkey-language-pack-update-vulnerability/", }, { trust: 0.8, url: "http://global.samsungtomorrow.com/information-regarding-the-keyboard-security-issue-and-our-device-policy-update/", }, { trust: 0.8, url: "http://swiftkey.com/en/blog/samsung-keyboard-security-vulnerability-swiftkey/", }, { trust: 0.8, url: "https://www.blackhat.com/ldn-15/summit.html#abusing-android-apps-and-gaining-remote-code-execution", }, { trust: 0.8, url: "http://cwe.mitre.org/data/definitions/300.html", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4640", }, { trust: 0.8, url: "http://jvn.jp/vu/jvnvu94598171/index.html", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4640", }, { trust: 0.3, url: "http://www.samsung.com/", }, ], sources: [ { db: "CERT/CC", id: "VU#155412", }, { db: "CNVD", id: "CNVD-2015-04020", }, { db: "BID", id: "75347", }, { db: "JVNDB", id: "JVNDB-2015-003229", }, { db: "NVD", id: "CVE-2015-4640", }, { db: "CNNVD", id: "CNNVD-201506-340", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CERT/CC", id: "VU#155412", }, { db: "CNVD", id: "CNVD-2015-04020", }, { db: "BID", id: "75347", }, { db: "JVNDB", id: "JVNDB-2015-003229", }, { db: "NVD", id: "CVE-2015-4640", }, { db: "CNNVD", id: "CNNVD-201506-340", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2015-06-16T00:00:00", db: "CERT/CC", id: "VU#155412", }, { date: "2015-06-26T00:00:00", db: "CNVD", id: "CNVD-2015-04020", }, { date: "2015-06-19T00:00:00", db: "BID", id: "75347", }, { date: "2015-06-23T00:00:00", db: "JVNDB", id: "JVNDB-2015-003229", }, { date: "2015-06-19T14:59:01.347000", db: "NVD", id: "CVE-2015-4640", }, { date: "2015-06-23T00:00:00", db: "CNNVD", id: "CNNVD-201506-340", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2015-06-25T00:00:00", db: "CERT/CC", id: "VU#155412", }, { date: "2015-06-26T00:00:00", db: "CNVD", id: "CNVD-2015-04020", }, { date: "2015-06-19T00:00:00", db: "BID", id: "75347", }, { date: "2015-07-01T00:00:00", db: "JVNDB", id: "JVNDB-2015-003229", }, { date: "2016-12-07T18:13:37.027000", db: "NVD", id: "CVE-2015-4640", }, { date: "2015-06-23T00:00:00", db: "CNNVD", id: "CNNVD-201506-340", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "specific network environment", sources: [ { db: "CNNVD", id: "CNNVD-201506-340", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Samsung Galaxy S phones fail to properly validate SwiftKey language pack updates", sources: [ { db: "CERT/CC", id: "VU#155412", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Design Error", sources: [ { db: "BID", id: "75347", }, ], trust: 0.3, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.