Details of VAR-201412-0590

ID

VAR-201412-0590

CVE

CVE-2014-7253

TITLE

OS command injection vulnerability in multiple FUJITSU Android devices

Trust: 0.8

sources: JVNDB: JVNDB-2014-000138

DESCRIPTION

FUJITSU F-12C, ARROWS Tab LTE F-01D, ARROWS Kiss F-03D, and REGZA Phone T-01D for Android allows local users to execute arbitrary commands via unspecified vectors. Multiple FUJITSU Android devices contain an OS command injection vulnerability. Masaaki Chida of GREE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker with local access may obtain root privileges and execute arbitrary OS commands. Fujitsu is the world's leading provider of ICT integrated services for industry solutions for the global market

Trust: 2.43

sources: NVD: CVE-2014-7253 // JVNDB: JVNDB-2014-000138 // CNVD: CNVD-2014-08713 // BID: 71414

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-08713

AFFECTED PRODUCTS

vendor:	fujitsu	model:	arrows kiss f-03d	scope:	eq	version:	-	Trust: 1.6
vendor:	fujitsu	model:	arrows tab lte f-01d	scope:	eq	version:	-	Trust: 1.6
vendor:	fujitsu	model:	f-12c	scope:	eq	version:	-	Trust: 1.6
vendor:	fujitsu	model:	regza phone t-01d	scope:	eq	version:	-	Trust: 1.6
vendor:	multiple venders	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	f-12c	scope:	-	version:	-	Trust: 0.6
vendor:	fujitsu	model:	arrows tab lte f-01d	scope:	-	version:	-	Trust: 0.6
vendor:	fujitsu	model:	regza phone t-01d	scope:	-	version:	-	Trust: 0.6
vendor:	fujitsu	model:	arrows kiss f-03d	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2014-08713 // JVNDB: JVNDB-2014-000138 // CNNVD: CNNVD-201412-130 // NVD: CVE-2014-7253

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-7253
value:	HIGH
Trust: 1.0
IPA:	JVNDB-2014-000138
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-08713
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201412-130
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2014-7253
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
IPA:	JVNDB-2014-000138
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2014-08713
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2014-08713 // JVNDB: JVNDB-2014-000138 // CNNVD: CNNVD-201412-130 // NVD: CVE-2014-7253

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2014-000138 // NVD: CVE-2014-7253

THREAT TYPE

local

Trust: 0.9

sources: BID: 71414 // CNNVD: CNNVD-201412-130

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201412-130

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-000138

PATCH

title:	Information from NTT DOCOMO, INC.	url:	http://jvn.jp/en/jp/JVN06302787/995312/index.html	Trust: 0.8
title:	Patches for Unknown OS Command Injection Vulnerabilities in Multiple FUJITSU Products	url:	https://www.cnvd.org.cn/patchInfo/show/52411	Trust: 0.6

sources: CNVD: CNVD-2014-08713 // JVNDB: JVNDB-2014-000138

EXTERNAL IDS

db:	NVD	id:	CVE-2014-7253	Trust: 3.3
db:	JVN	id:	JVN06302787	Trust: 2.4
db:	JVNDB	id:	JVNDB-2014-000138	Trust: 2.4
db:	BID	id:	71414	Trust: 0.9
db:	CNVD	id:	CNVD-2014-08713	Trust: 0.6
db:	CNNVD	id:	CNNVD-201412-130	Trust: 0.6

sources: CNVD: CNVD-2014-08713 // BID: 71414 // JVNDB: JVNDB-2014-000138 // CNNVD: CNNVD-201412-130 // NVD: CVE-2014-7253

REFERENCES

url:	http://jvn.jp/en/jp/jvn06302787/index.html	Trust: 2.4
url:	http://jvndb.jvn.jp/ja/contents/2014/jvndb-2014-000138.html	Trust: 1.6
url:	http://jvn.jp/en/jp/jvn06302787/995312/index.html	Trust: 1.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7253	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7253	Trust: 0.8
url:	http://www.securityfocus.com/bid/71414	Trust: 0.6

sources: CNVD: CNVD-2014-08713 // JVNDB: JVNDB-2014-000138 // CNNVD: CNNVD-201412-130 // NVD: CVE-2014-7253

CREDITS

Masaaki Chida of GREE

Trust: 0.3

sources: BID: 71414

SOURCES

db:	CNVD	id:	CNVD-2014-08713
db:	BID	id:	71414
db:	JVNDB	id:	JVNDB-2014-000138
db:	CNNVD	id:	CNNVD-201412-130
db:	NVD	id:	CVE-2014-7253

LAST UPDATE DATE

2024-08-14T15:39:55.324000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-08713	date:	2014-12-04T00:00:00
db:	BID	id:	71414	date:	2014-12-02T00:00:00
db:	JVNDB	id:	JVNDB-2014-000138	date:	2014-12-09T00:00:00
db:	CNNVD	id:	CNNVD-201412-130	date:	2014-12-15T00:00:00
db:	NVD	id:	CVE-2014-7253	date:	2014-12-08T13:54:39.737

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-08713	date:	2014-12-04T00:00:00
db:	BID	id:	71414	date:	2014-12-02T00:00:00
db:	JVNDB	id:	JVNDB-2014-000138	date:	2014-12-02T00:00:00
db:	CNNVD	id:	CNNVD-201412-130	date:	2014-12-08T00:00:00
db:	NVD	id:	CVE-2014-7253	date:	2014-12-05T17:59:02.103