nvd-json-data-feeds/CVE-2008/CVE-2008-39xx/CVE-2008-3972.json

{
  "id": "CVE-2008-3972",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2008-09-11T01:13:47.807",
  "lastModified": "2017-08-08T01:32:18.653",
  "vulnStatus": "Modified",
  "evaluatorSolution": "Direct Patch Link - http://www.opensc-project.org/files/opensc/opensc-0.11.6.tar.gz",
  "descriptions": [
    {
      "lang": "en",
      "value": "pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the \"OpenSC\" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235."
    },
    {
      "lang": "es",
      "value": "pkcs15-tool en OpenSC antes de 0.11.6 no aplica las actualizaciones de seguridad a una tarjeta inteligente a menos que la etiqueta de la tarjeta corresponda con la cadena \"OpenSC\", lo que podr\u00eda permitir a atacantes f\u00edsicamente pr\u00f3ximos explotar vulnerabilidades que el propietario de la tarjeta cre\u00eda que estaban parcheadas, como se demostr\u00f3 con la explotaci\u00f3n de CVE-2008-2235."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:C",
          "accessVector": "LOCAL",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.6
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 3.9,
        "impactScore": 9.2,
        "acInsufInfo": true,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:opensc-project:opensc:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "0.11.5",
              "matchCriteriaId": "5C5385FB-359D-4A1D-9CC7-803536F497CE"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:opensc-project:opensc:0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "471DBF4E-54B8-4776-A0BA-0F65FE02192E"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:opensc-project:opensc:0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BC7891E-1898-442A-96BB-5B8EE5A5B400"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:opensc-project:opensc:0.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA4321E6-1D08-489C-948F-2673C30D762C"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:opensc-project:opensc:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8498096A-19A9-4C09-99C3-CC1C45D6BA40"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:opensc-project:opensc:0.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5028CF13-2807-4813-A542-A1CD6E735CC5"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:opensc-project:opensc:0.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE75F1ED-E653-482C-B960-42DA2854E974"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:opensc-project:opensc:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "931CE287-97AF-4B73-BA57-FB9B9AAA7016"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:opensc-project:opensc:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "04701B8B-523A-4148-805C-419336D91CA2"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:opensc-project:opensc:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2194636B-7F74-4EC2-A02F-CE0F29914D76"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:opensc-project:opensc:0.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1D617E6-4EEC-4024-92D7-930F9A90F6DF"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:opensc-project:opensc:0.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "428986EC-328E-49F8-AAE7-EECD97F6B6FC"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:opensc-project:opensc:0.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A64E85D-B1A7-48FB-8438-8173249ED817"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:opensc-project:opensc:0.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13234C4B-7598-46B1-A8F0-7C0C863DE4C5"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:opensc-project:opensc:0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFC7C1A0-83AA-4989-A023-0B22B95133B9"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:opensc-project:opensc:0.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B093D7C9-242E-4CC7-9971-71D9AE19A7F7"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:opensc-project:opensc:0.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "353AFA23-88C0-45AA-B9EF-EF7A4DC6AFE3"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:opensc-project:opensc:0.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA2024C5-238A-4734-B8C6-D4F99EEFBC07"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:opensc-project:opensc:0.11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF611D89-FA24-4421-A8A8-5290629C81D1"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:opensc-project:opensc:0.11.3:pre3:*:*:*:*:*:*",
              "matchCriteriaId": "0ECCFF79-6515-42F8-B986-4C06BE1F79D6"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:opensc-project:opensc:0.11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A74B19CB-8AFB-4A07-9A84-063BFF47E089"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:o:siemens:cardos:m4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEF8B710-EAF0-4381-B1C5-B2EAA91737DE"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://www.opensc-project.org/pipermail/opensc-announce/2008-August/000021.html",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://www.openwall.com/lists/oss-security/2008/09/09/14",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45045",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html",
      "source": "cve@mitre.org"
    }
  ]
}