CVE-2017-12816 (GCVE-0-2017-12816)
Vulnerability from cvelistv5
Published
2017-08-25 20:00
Modified
2024-08-05 18:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Incorrect Access Control
Summary
In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC.
References
► | URL | Tags | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Kaspersky Lab | Kaspersky Lab Kaspersky Internet Security for Android 11.12.4.1622 |
Version: Kaspersky Lab Kaspersky Internet Security for Android 11.12.4.1622 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:51:06.794Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.kaspersky.com/vulnerability.aspx?el=12430#090817" }, { "name": "100505", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100505" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kaspersky Lab Kaspersky Internet Security for Android 11.12.4.1622", "vendor": "Kaspersky Lab", "versions": [ { "status": "affected", "version": "Kaspersky Lab Kaspersky Internet Security for Android 11.12.4.1622" } ] } ], "datePublic": "2017-08-25T00:00:00", "descriptions": [ { "lang": "en", "value": "In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC." } ], "problemTypes": [ { "descriptions": [ { "description": "Incorrect Access Control", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-29T09:57:01", "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "shortName": "Kaspersky" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.kaspersky.com/vulnerability.aspx?el=12430#090817" }, { "name": "100505", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100505" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnerability@kaspersky.com", "ID": "CVE-2017-12816", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Kaspersky Lab Kaspersky Internet Security for Android 11.12.4.1622", "version": { "version_data": [ { "version_value": "Kaspersky Lab Kaspersky Internet Security for Android 11.12.4.1622" } ] } } ] }, "vendor_name": "Kaspersky Lab" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Incorrect Access Control" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.kaspersky.com/vulnerability.aspx?el=12430#090817", "refsource": "CONFIRM", "url": "https://support.kaspersky.com/vulnerability.aspx?el=12430#090817" }, { "name": "100505", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100505" } ] } } } }, "cveMetadata": { "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "assignerShortName": "Kaspersky", "cveId": "CVE-2017-12816", "datePublished": "2017-08-25T20:00:00", "dateReserved": "2017-08-11T00:00:00", "dateUpdated": "2024-08-05T18:51:06.794Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2017-12816\",\"sourceIdentifier\":\"vulnerability@kaspersky.com\",\"published\":\"2017-08-25T20:29:00.177\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC.\"},{\"lang\":\"es\",\"value\":\"En Kaspersky Internet Security para Android 11.12.4.1622, algunas de las actividades de exportaci\u00f3n de aplicaci\u00f3n tienen permisos d\u00e9biles, lo que podr\u00eda ser empleado por una aplicaci\u00f3n malware para obtener acceso sin autorizaci\u00f3n a la funcionalidad de producto mediante el uso de Android IPC.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kaspersky:internet_security:11.12.4.1622:*:*:*:*:android:*:*\",\"matchCriteriaId\":\"4A9DD9D2-3E56-48B9-A13C-D243A9AB9097\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/100505\",\"source\":\"vulnerability@kaspersky.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.kaspersky.com/vulnerability.aspx?el=12430#090817\",\"source\":\"vulnerability@kaspersky.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/100505\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.kaspersky.com/vulnerability.aspx?el=12430#090817\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…