CVE-2011-3975

Published Oct 3, 2011

Last updated 7 years ago

Overview

Description: A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote attackers to obtain a list of telephone numbers from a log, and other sensitive information, by leveraging the android.permission.INTERNET application permission and establishing TCP sessions to 127.0.0.1 on port 65511 and a second port.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 2.6
Impact score: 2.9
Exploitability score: 4.9
Vector string: AV:N/AC:H/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:google:android:2.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D634E2E3-4E8A-4C88-A6BF-DBE7439EB3B0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:htc:evo_3d:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8C77876-DC0F-42CB-B795-0BB5A0A7559A"
          },
          {
            "criteria": "cpe:2.3:h:htc:evo_4g:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8905569F-33A9-4C8A-A27F-B1385FE68A5F"
          },
          {
            "criteria": "cpe:2.3:h:htc:thunderbolt:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15115C5B-BC98-4585-AF8D-CFA668AF6551"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References