CVE-2012-4248 - OpenCVE

The Amazon Kindle Touch before 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote attackers to have an unspecified impact via vectors involving the (1) dev.log, (2) lipc.set, (3) lipc.get, or (4) todo.scheduleItems method, a different vulnerability than CVE-2012-4249.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Amazon	Kindle Touch

Configuration 1 [-]

OR	cpe:2.3:h:amazon:kindle_touch::::::::
	cpe:2.3:h:amazon:kindle_touch:5.1.0:::::::*

No data.

References

Link	Providers
http://www.kb.cert.org/vuls/id/122656
http://www.kb.cert.org/vuls/id/MORO-8WKGBN
http://www.mobileread.com/forums/showthread.php?s=c7953cc553a4aaa36e880b25aa1a6bf6&t=175368

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-08-12T17:00:00Z

Updated: 2024-09-16T22:41:26.551Z

Reserved: 2012-08-12T00:00:00Z

Link: CVE-2012-4248

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2012-08-12T17:55:01.230

Modified: 2012-08-13T04:00:00.000

Link: CVE-2012-4248

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Amazon Kindle Touch before 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote attackers to have an unspecified impact via vectors involving the (1) dev.log, (2) lipc.set, (3) lipc.get, or (4) todo.scheduleItems method, a different vulnerability than CVE-2012-4249."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-08-12T17:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.mobileread.com/forums/showthread.php?s=c7953cc553a4aaa36e880b25aa1a6bf6&t=175368"}, {"name": "VU#122656", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/122656"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kb.cert.org/vuls/id/MORO-8WKGBN"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4248", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Amazon Kindle Touch before 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote attackers to have an unspecified impact via vectors involving the (1) dev.log, (2) lipc.set, (3) lipc.get, or (4) todo.scheduleItems method, a different vulnerability than CVE-2012-4249."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.mobileread.com/forums/showthread.php?s=c7953cc553a4aaa36e880b25aa1a6bf6&t=175368", "refsource": "MISC", "url": "http://www.mobileread.com/forums/showthread.php?s=c7953cc553a4aaa36e880b25aa1a6bf6&t=175368"}, {"name": "VU#122656", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/122656"}, {"name": "http://www.kb.cert.org/vuls/id/MORO-8WKGBN", "refsource": "CONFIRM", "url": "http://www.kb.cert.org/vuls/id/MORO-8WKGBN"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:28:07.673Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.mobileread.com/forums/showthread.php?s=c7953cc553a4aaa36e880b25aa1a6bf6&t=175368"}, {"name": "VU#122656", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/122656"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/MORO-8WKGBN"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-4248", "datePublished": "2012-08-12T17:00:00Z", "dateReserved": "2012-08-12T00:00:00Z", "dateUpdated": "2024-09-16T22:41:26.551Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:amazon:kindle_touch:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA0F2C51-0616-4CF4-BA6A-215C17D7CECA", "versionEndIncluding": "5.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:h:amazon:kindle_touch:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A60089FD-E09B-4153-99E1-EBE958917566", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Amazon Kindle Touch before 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote attackers to have an unspecified impact via vectors involving the (1) dev.log, (2) lipc.set, (3) lipc.get, or (4) todo.scheduleItems method, a different vulnerability than CVE-2012-4249."}, {"lang": "es", "value": "La tableta Amazon Kindle Touch anterior a v5.1.2 no restringe adecuadamente el acceso a la interfaz del plugin libkindleplugin.so NPAPI lo que podr\u00eda permitir a atacantes remotos obtener acceso a trav\u00e9s de vectores que incluyen (1) dev.log, (2) lipc.set, (3) lipc.get, o (4) todo.scheduleItems method, una vulnerabilidad diferente que CVE-2012-4249."}], "id": "CVE-2012-4248", "lastModified": "2012-08-13T04:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-08-12T17:55:01.230", "references": [{"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/122656"}, {"source": "cve@mitre.org", "url": "http://www.kb.cert.org/vuls/id/MORO-8WKGBN"}, {"source": "cve@mitre.org", "url": "http://www.mobileread.com/forums/showthread.php?s=c7953cc553a4aaa36e880b25aa1a6bf6&t=175368"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}