CVE-2015-4640 - OpenCVE

The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attackers to write to language-pack files by modifying an HTTP response. NOTE: CVE-2015-4640 exploitation can be combined with CVE-2015-4641 exploitation for man-in-the-middle code execution.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:A/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Samsung	Galaxy S4 Galaxy S4 Mini Galaxy S5 Galaxy S6
Swiftkey	Swiftkey Sdk

Configuration 1 [-]

AND

cpe:2.3:a:swiftkey:swiftkey_sdk:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:samsung:galaxy_s4::::::::
	cpe:2.3:h:samsung:galaxy_s4_mini::::::::
	cpe:2.3:h:samsung:galaxy_s5::::::::
	cpe:2.3:h:samsung:galaxy_s6::::::::

No data.

References

Link	Providers
http://arstechnica.com/security/2015/06/new-exploit-turns-samsung-galaxy-phones-into-remote-bugging-devices/
http://www.kb.cert.org/vuls/id/155412
http://www.securityfocus.com/bid/75347
https://github.com/nowsecure/samsung-ime-rce-poc/
https://www.nowsecure.com/blog/2015/06/16/remote-code-execution-as-system-user-on-samsung-phones/
https://www.nowsecure.com/keyboard-vulnerability/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2015-06-19T14:00:00

Updated: 2024-08-06T06:18:12.041Z

Reserved: 2015-06-17T00:00:00

Link: CVE-2015-4640

Vulnrichment

No data.

NVD

Status : Modified

Published: 2015-06-19T14:59:01.347

Modified: 2016-12-07T18:13:37.027

Link: CVE-2015-4640

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-06-16T00:00:00", "descriptions": [{"lang": "en", "value": "The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attackers to write to language-pack files by modifying an HTTP response. NOTE: CVE-2015-4640 exploitation can be combined with CVE-2015-4641 exploitation for man-in-the-middle code execution."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-05T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.nowsecure.com/keyboard-vulnerability/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.nowsecure.com/blog/2015/06/16/remote-code-execution-as-system-user-on-samsung-phones/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/nowsecure/samsung-ime-rce-poc/"}, {"name": "75347", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/75347"}, {"tags": ["x_refsource_MISC"], "url": "http://arstechnica.com/security/2015/06/new-exploit-turns-samsung-galaxy-phones-into-remote-bugging-devices/"}, {"name": "VU#155412", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/155412"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-4640", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attackers to write to language-pack files by modifying an HTTP response. NOTE: CVE-2015-4640 exploitation can be combined with CVE-2015-4641 exploitation for man-in-the-middle code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.nowsecure.com/keyboard-vulnerability/", "refsource": "MISC", "url": "https://www.nowsecure.com/keyboard-vulnerability/"}, {"name": "https://www.nowsecure.com/blog/2015/06/16/remote-code-execution-as-system-user-on-samsung-phones/", "refsource": "MISC", "url": "https://www.nowsecure.com/blog/2015/06/16/remote-code-execution-as-system-user-on-samsung-phones/"}, {"name": "https://github.com/nowsecure/samsung-ime-rce-poc/", "refsource": "MISC", "url": "https://github.com/nowsecure/samsung-ime-rce-poc/"}, {"name": "75347", "refsource": "BID", "url": "http://www.securityfocus.com/bid/75347"}, {"name": "http://arstechnica.com/security/2015/06/new-exploit-turns-samsung-galaxy-phones-into-remote-bugging-devices/", "refsource": "MISC", "url": "http://arstechnica.com/security/2015/06/new-exploit-turns-samsung-galaxy-phones-into-remote-bugging-devices/"}, {"name": "VU#155412", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/155412"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T06:18:12.041Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.nowsecure.com/keyboard-vulnerability/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.nowsecure.com/blog/2015/06/16/remote-code-execution-as-system-user-on-samsung-phones/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/nowsecure/samsung-ime-rce-poc/"}, {"name": "75347", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/75347"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://arstechnica.com/security/2015/06/new-exploit-turns-samsung-galaxy-phones-into-remote-bugging-devices/"}, {"name": "VU#155412", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/155412"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-4640", "datePublished": "2015-06-19T14:00:00", "dateReserved": "2015-06-17T00:00:00", "dateUpdated": "2024-08-06T06:18:12.041Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:swiftkey:swiftkey_sdk:*:*:*:*:*:*:*:*", "matchCriteriaId": "88F176E3-EC85-4B8C-B5DF-8EF79949F24E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:samsung:galaxy_s4:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB2AC272-BB5F-4817-959D-2A4ECF1626E2", "vulnerable": false}, {"criteria": "cpe:2.3:h:samsung:galaxy_s4_mini:*:*:*:*:*:*:*:*", "matchCriteriaId": "B11D6B24-F216-47CF-9614-F27940CBD091", "vulnerable": false}, {"criteria": "cpe:2.3:h:samsung:galaxy_s5:*:*:*:*:*:*:*:*", "matchCriteriaId": "41DE2B05-3057-4F9F-A33D-6A01B4E19E65", "vulnerable": false}, {"criteria": "cpe:2.3:h:samsung:galaxy_s6:*:*:*:*:*:*:*:*", "matchCriteriaId": "55A63E34-ACAD-4577-9965-02E294955906", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attackers to write to language-pack files by modifying an HTTP response. NOTE: CVE-2015-4640 exploitation can be combined with CVE-2015-4641 exploitation for man-in-the-middle code execution."}, {"lang": "es", "value": "La implementaci\u00f3n de la actualizaci\u00f3n del paquete de lenguas SwiftKey en los dispositivos Samsung Galaxy S4, S4 Mini, S5, y S6 depende de una conexi\u00f3n HTTP al servidor skslm.swiftkey.net, lo que permite a atacantes man-in-the-middle escribir en ficheros del paquete de lenguas mediante la modificaci\u00f3n de una respuesta HTTP. NOTA: La explotaci\u00f3n de CVE-2015-4640 puede combinarse con la explotaci\u00f3n de CVE-2015-4641 para la ejecuci\u00f3n de c\u00f3digo man-in-the-middle."}], "id": "CVE-2015-4640", "lastModified": "2016-12-07T18:13:37.027", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.9, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 5.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-06-19T14:59:01.347", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://arstechnica.com/security/2015/06/new-exploit-turns-samsung-galaxy-phones-into-remote-bugging-devices/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/155412"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/75347"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://github.com/nowsecure/samsung-ime-rce-poc/"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://www.nowsecure.com/blog/2015/06/16/remote-code-execution-as-system-user-on-samsung-phones/"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://www.nowsecure.com/keyboard-vulnerability/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-254"}], "source": "nvd@nist.gov", "type": "Primary"}]}