Sign-up

ID

VAR-201201-0285


CVE

CVE-2011-4704


TITLE

Voxofon Remote Unauthorized Access Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2012-0412 // BID: 51686

DESCRIPTION

The Voxofon (com.voxofon) application before 2.5.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS information via a crafted application. Voxofon is a VoIP program. Voxofon has security vulnerabilities that allow malicious applications to access and modify sensitive information, including SMS content, timestamps, contact phone numbers, delivery status, and more. Voxofon is prone to a remote unauthorized access vulnerability. An attacker can exploit this issue to read or modify SMS related content. This may aid in further attacks. Voxofon 2.4.3 is affected; other versions may also be vulnerable. ---------------------------------------------------------------------- SC Magazine awards the Secunia CSI a 5-Star rating Top-level rating for ease of use, performance, documentation, support, and value for money. Read more and get a free trial here: http://secunia.com/blog/296 ---------------------------------------------------------------------- TITLE: Voxofon - International Calls for Android Security Bypass Security Issue SECUNIA ADVISORY ID: SA47768 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47768/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47768 RELEASE DATE: 2012-02-06 DISCUSS ADVISORY: http://secunia.com/advisories/47768/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47768/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47768 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: AppSec has reported a security issue in Voxofon - International Calls for Android, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to an unspecified error and can be exploited to disclose certain sensitive information like e.g. Successful exploitation requires that a malicious application is installed. The security issue is reported in version 2.4.3. SOLUTION: Reportedly fixed in version 2.5.2. PROVIDED AND/OR DISCOVERED BY: Daoyuan Wu, Xiapu Luo, and Rocky K. C. Chang Department of Computing, The Hong Kong Polytechnic University ORIGINAL ADVISORY: http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4704-vulnerability-in-Voxofon.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.52

sources: NVD: CVE-2011-4704 // JVNDB: JVNDB-2012-001209 // CNVD: CNVD-2012-0412 // BID: 51686 // PACKETSTORM: 109462

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2012-0412

AFFECTED PRODUCTS

vendor:voxofonmodel:voxofonscope:eqversion:2.4.3

Trust: 1.5

vendor:voxofonmodel:voxofonscope:lteversion:2.4.3

Trust: 1.0

vendor:voxofonmodel:voxofonscope:ltversion:2.5.2

Trust: 0.8

vendor:voxofonmodel:voxofonscope:neversion:2.5.2

Trust: 0.3

sources: CNVD: CNVD-2012-0412 // BID: 51686 // JVNDB: JVNDB-2012-001209 // CNNVD: CNNVD-201201-350 // NVD: CVE-2011-4704

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4704
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-4704
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201201-350
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2011-4704
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2012-001209 // CNNVD: CNNVD-201201-350 // NVD: CVE-2011-4704

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.8

sources: JVNDB: JVNDB-2012-001209 // NVD: CVE-2011-4704

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201201-350

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201201-350

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-001209

PATCH
title:Top Pageurl:http://www.voxofon.com/call-abroad-smartphones/android/
Trust: 0.8
title:Voxofon remote unauthorised access vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/8752
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2012-0412 // 
            
            
            
            JVNDB: JVNDB-2012-001209

EXTERNAL IDS
db:NVDid:CVE-2011-4704
Trust: 3.4
db:JVNDBid:JVNDB-2012-001209
Trust: 0.8
db:CNVDid:CNVD-2012-0412
Trust: 0.6
db:CNNVDid:CNNVD-201201-350
Trust: 0.6
db:BIDid:51686
Trust: 0.3
db:SECUNIAid:47768
Trust: 0.2
db:PACKETSTORMid:109462
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2012-0412 // 
            
            
            
            BID: 51686 // 
            
            
            
            JVNDB: JVNDB-2012-001209 // 
            
            
            
            PACKETSTORM: 109462 // 
            
            
            
            CNNVD: CNNVD-201201-350 // 
            
            
            
            NVD: CVE-2011-4704

REFERENCES
url:http://www4.comp.polyu.edu.hk/~appsec/bugs/cve-2011-4704-vulnerability-in-voxofon.html
Trust: 3.4
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4704
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4704
Trust: 0.8
url:https://market.android.com/details?id=com.voxofon
Trust: 0.3
url:http://secunia.com/vulnerability_intelligence/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:http://secunia.com/advisories/47768/#comments
Trust: 0.1
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=47768
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.1
url:http://secunia.com/advisories/47768/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/blog/296
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2012-0412 // 
            
            
            
            BID: 51686 // 
            
            
            
            JVNDB: JVNDB-2012-001209 // 
            
            
            
            PACKETSTORM: 109462 // 
            
            
            
            CNNVD: CNNVD-201201-350 // 
            
            
            
            NVD: CVE-2011-4704

CREDITS
Daoyuan Wu, Xiapu Luo and Rocky K. C. Chang
Trust: 0.3
sources:
            
            
            BID: 51686

SOURCES
db:CNVDid:CNVD-2012-0412
db:BIDid:51686
db:JVNDBid:JVNDB-2012-001209
db:PACKETSTORMid:109462
db:CNNVDid:CNNVD-201201-350
db:NVDid:CVE-2011-4704

LAST UPDATE DATE
2024-11-23T22:02:43.639000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2012-0412date:2012-02-03T00:00:00
db:BIDid:51686date:2012-01-26T00:00:00
db:JVNDBid:JVNDB-2012-001209date:2012-01-27T00:00:00
db:CNNVDid:CNNVD-201201-350date:2012-01-31T00:00:00
db:NVDid:CVE-2011-4704date:2024-11-21T01:32:49.423

SOURCES RELEASE DATE
db:CNVDid:CNVD-2012-0412date:2012-02-03T00:00:00
db:BIDid:51686date:2012-01-26T00:00:00
db:JVNDBid:JVNDB-2012-001209date:2012-01-27T00:00:00
db:PACKETSTORMid:109462date:2012-02-06T04:01:47
db:CNNVDid:CNNVD-201201-350date:2012-01-31T00:00:00
db:NVDid:CVE-2011-4704date:2012-01-25T04:03:28.033