CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
5.1 | $0-$5k | 0.00 |
A vulnerability classified as critical was found in Google Android up to 2.1 (Smartphone Operating System). It affects unknown processing in the SSL Certificate component. Manipulation with an unknown input leads to a cryptographic issue. The CWE definition for the vulnerability is CWE-310. The known impact is on integrity. CVE summarizes:
Android OS before 2.2 does not display the correct SSL certificate in certain cases, which might allow remote attackers to spoof trusted web sites via a web page containing references to external sources in which (1) the certificate of the last loaded resource is checked, instead of for the main page, or (2) later certificates are not checked when the HTTPS connection is reused.
The weakness was published 05/13/2014 (Website). The advisory is available at gitorious.org. This vulnerability was named CVE-2010-4832 since 09/02/2011. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1600 by the MITRE ATT&CK project.
Upgrading to version 1.0 eliminates this vulnerability.
The vulnerability is also documented in the databases at X-Force (95698), SecurityFocus (BID 48940) and Vulnerability Center (SBV-47783).
CVSSv3
VulDB Meta Base Score: 5.3
VulDB Meta Temp Score: 5.1
VulDB Base Score: 5.3
VulDB Temp Score: 5.1
Exploiting
Class: Cryptographic issues
CWE: CWE-310
Local: No
Remote: Yes
Status: Not defined
Countermeasures
Recommended: Upgrade
Upgrade: Android 1.0
Patch: dba8cb76371960457e91b31fa396478f809a5a34
Timeline
07/29/2011
07/29/2011
09/02/2011
05/13/2014
05/13/2014
12/23/2014
03/25/2015
03/21/2022
Sources
Vendor: google.com
Advisory: dba8cb76371960457e91b31fa396478f809a5a34
Status: Not defined
CVE: CVE-2010-4832
X-Force: 95698
SecurityFocus: 48940 - Open Handset Alliance Android SSL Certificate Spoofing Vulnerability
Vulnerability Center: 47783 - Google Android <2.2 Remote Spoofing Vulnerability via a Web Page Containing References to External Sources, Medium
scip Labs: https://www.scip.ch/en/?labs.20150917
Entry
Created: 03/25/2015 04:45 PM
Updated: 03/21/2022 10:53 AM
Changes: 03/25/2015 04:45 PM (57), 06/16/2017 04:32 AM (4), 03/21/2022 10:53 AM (5)