CVE-2015-0575 - Vulnerability Details

Vendors	Products
Google	Android

Link	Providers
http://www.securityfocus.com/bid/99467
https://source.android.com/security/bulletin/2017-07-01

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "All Qualcomm products", "vendor": "Qualcomm, Inc.", "versions": [{"status": "affected", "version": "All Android releases from CAF using the Linux kernel"}]}], "datePublic": "2017-07-01T00:00:00", "descriptions": [{"lang": "en", "value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration."}], "problemTypes": [{"descriptions": [{"description": "Configuration Vulnerability in SSL", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-19T09:57:01", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://source.android.com/security/bulletin/2017-07-01"}, {"name": "99467", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99467"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@qualcomm.com", "DATE_PUBLIC": "2017-07-01T00:00:00", "ID": "CVE-2015-0575", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "All Qualcomm products", "version": {"version_data": [{"version_value": "All Android releases from CAF using the Linux kernel"}]}}]}, "vendor_name": "Qualcomm, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Configuration Vulnerability in SSL"}]}]}, "references": {"reference_data": [{"name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01"}, {"name": "99467", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99467"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:17:31.680Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://source.android.com/security/bulletin/2017-07-01"}, {"name": "99467", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/99467"}]}]}, "cveMetadata": {"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2015-0575", "datePublished": "2017-08-18T18:00:00Z", "dateReserved": "2015-01-07T00:00:00", "dateUpdated": "2024-09-17T03:52:54.707Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : All Qualcomm products (string)

vendor : Qualcomm, Inc. (string)

versions : [ »

0 : { »

status : affected (string)

version : All Android releases from CAF using the Linux kernel (string)

}

]

}

]

datePublic : 2017-07-01T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Configuration Vulnerability in SSL (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-08-19T09:57:01 (string)

orgId : 2cfc7d3e-20d3-47ac-8db7-1b7285aff15f (string)

shortName : qualcomm (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://source.android.com/security/bulletin/2017-07-01 (string)

}

1 : { »

name : 99467 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/99467 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : product-security@qualcomm.com (string)

DATE_PUBLIC : 2017-07-01T00:00:00 (string)

ID : CVE-2015-0575 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : All Qualcomm products (string)

version : { »

version_data : [ »

0 : { »

version_value : All Android releases from CAF using the Linux kernel (string)

}

]

}

]

}

vendor_name : Qualcomm, Inc. (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Configuration Vulnerability in SSL (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://source.android.com/security/bulletin/2017-07-01 (string)

refsource : CONFIRM (string)

url : https://source.android.com/security/bulletin/2017-07-01 (string)

}

1 : { »

name : 99467 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/99467 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T04:17:31.680Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://source.android.com/security/bulletin/2017-07-01 (string)

}

1 : { »

name : 99467 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/99467 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 2cfc7d3e-20d3-47ac-8db7-1b7285aff15f (string)

assignerShortName : qualcomm (string)

cveId : CVE-2015-0575 (string)

datePublished : 2017-08-18T18:00:00Z (string)

dateReserved : 2015-01-07T00:00:00 (string)

dateUpdated : 2024-09-17T03:52:54.707Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "matchCriteriaId": "8255F035-04C8-4158-B301-82101711939C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration."}, {"lang": "es", "value": "Se incluyeron en la configuraci\u00f3n por defecto conjuntos de cifrado no seguros en todos los productos Qualcomm con distribuciones Android desde CAF empleando el kernel Linux."}], "id": "CVE-2015-0575", "lastModified": "2024-11-21T02:23:20.797", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-18T18:29:00.813", "references": [{"source": "product-security@qualcomm.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99467"}, {"source": "product-security@qualcomm.com", "tags": ["Vendor Advisory"], "url": "https://source.android.com/security/bulletin/2017-07-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99467"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://source.android.com/security/bulletin/2017-07-01"}], "sourceIdentifier": "product-security@qualcomm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-326"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:google:android:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 8255F035-04C8-4158-B301-82101711939C (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration. (string)

}

1 : { »

lang : es (string)

value : Se incluyeron en la configuración por defecto conjuntos de cifrado no seguros en todos los productos Qualcomm con distribuciones Android desde CAF empleando el kernel Linux. (string)

}

]

id : CVE-2015-0575 (string)

lastModified : 2024-11-21T02:23:20.797 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : true (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 10 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:N/AC:L/Au:N/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 10 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2017-08-18T18:29:00.813 (string)

references : [ »

0 : { »

source : product-security@qualcomm.com (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/99467 (string)

}

1 : { »

source : product-security@qualcomm.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://source.android.com/security/bulletin/2017-07-01 (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/99467 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://source.android.com/security/bulletin/2017-07-01 (string)

}

]

sourceIdentifier : product-security@qualcomm.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-326 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object