Sign-up

ID

VAR-201709-0150


CVE

CVE-2014-0997


TITLE

Used on multiple devices Android Data processing vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-008389

DESCRIPTION

WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android releases before 5.0.1 and 5.0.2 does not properly handle exceptions, which allows remote attackers to cause a denial of service (reboot) via a crafted 802.11 probe response frame. Used on multiple devices Android Contains a data processing vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Wi-Fi Direct can support a pair of connected devices, enabling simultaneous connection of multiple devices, and the Wi-Fi Direct standard will support all Wi-Fi devices. Multiple Android Devices have a denial of service vulnerability that allows an attacker to initiate a denial of service attack. Successfully exploiting this issue will allow attackers to cause denial-of-service conditions

Trust: 2.43

sources: NVD: CVE-2014-0997 // JVNDB: JVNDB-2014-008389 // CNVD: CNVD-2015-00728 // BID: 72311

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-00728

AFFECTED PRODUCTS

vendor:googlemodel:androidscope:eqversion:4.4.4

Trust: 1.6

vendor:googlemodel:androidscope:eqversion:4.1.2

Trust: 1.6

vendor:googlemodel:androidscope:eqversion:4.2.2

Trust: 1.6

vendor:googlemodel:androidscope:eqversion:4.1.2 (motorola razr hd)

Trust: 0.8

vendor:googlemodel:androidscope:eqversion:4.2.2 (lg d806)

Trust: 0.8

vendor:googlemodel:androidscope:eqversion:4.2.2 (samsung sm-t310)

Trust: 0.8

vendor:googlemodel:androidscope:eqversion:4.4.4 (nexus 4)

Trust: 0.8

vendor:googlemodel:androidscope:eqversion:4.4.4 (nexus 5)

Trust: 0.8

vendor:wi fimodel:alliance wi-fi directscope: - version: -

Trust: 0.6

vendor:samsungmodel:sm-t310scope:eqversion:0

Trust: 0.3

vendor:motorolamodel:razr hdscope:eqversion:0

Trust: 0.3

vendor:lgmodel:d806scope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:4

Trust: 0.3

sources: CNVD: CNVD-2015-00728 // BID: 72311 // JVNDB: JVNDB-2014-008389 // CNNVD: CNNVD-201501-666 // NVD: CVE-2014-0997

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0997
value: HIGH

Trust: 1.0

NVD: CVE-2014-0997
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-00728
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201501-666
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2014-0997
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-00728
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2014-0997
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2015-00728 // JVNDB: JVNDB-2014-008389 // CNNVD: CNNVD-201501-666 // NVD: CVE-2014-0997

PROBLEMTYPE DATA

problemtype:CWE-19

Trust: 1.8

sources: JVNDB: JVNDB-2014-008389 // NVD: CVE-2014-0997

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201501-666

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201501-666

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-008389

PATCH
title:Top Pageurl:https://www.android.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-008389

EXTERNAL IDS
db:NVDid:CVE-2014-0997
Trust: 3.3
db:BIDid:72311
Trust: 2.5
db:PACKETSTORMid:130107
Trust: 1.6
db:EXPLOIT-DBid:35913
Trust: 1.6
db:JVNDBid:JVNDB-2014-008389
Trust: 0.8
db:CNVDid:CNVD-2015-00728
Trust: 0.6
db:NSFOCUSid:29108
Trust: 0.6
db:CNNVDid:CNNVD-201501-666
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-00728 // 
            
            
            
            BID: 72311 // 
            
            
            
            JVNDB: JVNDB-2014-008389 // 
            
            
            
            CNNVD: CNNVD-201501-666 // 
            
            
            
            NVD: CVE-2014-0997

REFERENCES
url:https://www.coresecurity.com/advisories/android-wifi-direct-denial-service
Trust: 2.4
url:http://www.securityfocus.com/bid/72311
Trust: 2.2
url:http://packetstormsecurity.com/files/130107/android-wifi-direct-denial-of-service.html
Trust: 1.6
url:http://seclists.org/fulldisclosure/2015/jan/104
Trust: 1.6
url:https://www.exploit-db.com/exploits/35913/
Trust: 1.6
url:http://www.securityfocus.com/archive/1/534544/100/0/threaded
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0997
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2014-0997
Trust: 0.8
url:http://www.securityfocus.com/archive/1/archive/1/534544/100/0/threaded
Trust: 0.6
url:http://www.nsfocus.net/vulndb/29108
Trust: 0.6
url:http://code.google.com/android/
Trust: 0.3
url:http://www.coresecurity.com/advisories/android-wifi-direct-denial-service 
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2015-00728 // 
            
            
            
            BID: 72311 // 
            
            
            
            JVNDB: JVNDB-2014-008389 // 
            
            
            
            CNNVD: CNNVD-201501-666 // 
            
            
            
            NVD: CVE-2014-0997

CREDITS
Andres Blanco from the CoreLabs Team
Trust: 0.9
sources:
            
            
            BID: 72311 // 
            
            
            
            CNNVD: CNNVD-201501-666

SOURCES
db:CNVDid:CNVD-2015-00728
db:BIDid:72311
db:JVNDBid:JVNDB-2014-008389
db:CNNVDid:CNNVD-201501-666
db:NVDid:CVE-2014-0997

LAST UPDATE DATE
2024-11-23T22:38:25.930000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-00728date:2015-01-30T00:00:00
db:BIDid:72311date:2015-01-26T00:00:00
db:JVNDBid:JVNDB-2014-008389date:2017-10-23T00:00:00
db:CNNVDid:CNNVD-201501-666date:2017-09-30T00:00:00
db:NVDid:CVE-2014-0997date:2024-11-21T02:03:11.430

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-00728date:2015-01-29T00:00:00
db:BIDid:72311date:2015-01-26T00:00:00
db:JVNDBid:JVNDB-2014-008389date:2017-10-23T00:00:00
db:CNNVDid:CNNVD-201501-666date:2015-01-28T00:00:00
db:NVDid:CVE-2014-0997date:2017-09-26T01:29:00.177