| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 8.3 | $0-$5k | 0.00 |
Summary
A vulnerability marked as critical has been reported in Samsung Galaxy S5. Affected by this vulnerability is the function createFromParcel. This manipulation causes access control.
This vulnerability is tracked as CVE-2015-4034. No exploit exists.
Details
A vulnerability classified as critical was found in Samsung Galaxy S5 (Smartphone Operating System). Affected by this vulnerability is the function createFromParcel. The manipulation with an unknown input leads to a access control vulnerability. The CWE definition for the vulnerability is CWE-284. The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:
The createFromParcel method in the com.absolute.android.persistence.MethodSpec class in Samsung Galaxy S5s allows remote attackers to execute arbitrary files via a crafted Parcelable object in a serialized MethodSpec object.
The weakness was disclosed 06/24/2015 as ZDI-15-256 as confirmed advisory (ZDI). It is possible to read the advisory at zerodayinitiative.com. This vulnerability is known as CVE-2015-4034 since 05/19/2015. The attack needs to be initiated within the local network. The exploitation doesn't need any form of authentication. Technical details of the vulnerability are known, but there is no available exploit. The attack technique deployed by this issue is T1068 according to MITRE ATT&CK.
The vulnerability is also documented in the databases at X-Force (104060), SecurityFocus (BID 75403†) and Vulnerability Center (SBV-51334†). Be aware that VulDB is the high quality source for vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.samsung.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 9.6VulDB Meta Temp Score: 8.3
VulDB Base Score: 9.6
VulDB Temp Score: 8.3
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Access controlCWE: CWE-284 / CWE-266
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Partially
Availability: 🔍
Status: Unproven
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: no mitigation knownStatus: 🔍
0-Day Time: 🔍
Timeline
05/19/2015 🔍06/24/2015 🔍
06/24/2015 🔍
06/24/2015 🔍
06/25/2015 🔍
07/06/2015 🔍
07/15/2015 🔍
07/13/2017 🔍
Sources
Vendor: samsung.comAdvisory: ZDI-15-256
Status: Confirmed
CVE: CVE-2015-4034 (🔍)
GCVE (CVE): GCVE-0-2015-4034
GCVE (VulDB): GCVE-100-76087
X-Force: 104060 - Samsung Galaxy S5 createFromParcel() code execution
SecurityFocus: 75403 - Samsung Galaxy S5 CVE-2015-4034 Remote Code Execution Vulnerability
Vulnerability Center: 51334 - Google Android on Samsung Galaxy S5s Remote Code Execution via a Crafted Parcelable Object, High
Entry
Created: 06/25/2015 17:15Updated: 07/13/2017 09:13
Changes: 06/25/2015 17:15 (54), 07/13/2017 09:13 (8)
Complete: 🔍
Cache ID: 216::103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.