JVN#06302787
OS command injection vulnerability in multiple FUJITSU Android devices
Overview
Multiple FUJITSU Android devices contain an OS command injection vulnerability.
Products Affected
Multiple products are affected.
For more information, refer to the information provided by the provider.
Description
Multiple FUJITSU Android devices contain an OS command injection vulnerability.
Impact
An attacker with local access may obtain root privileges and execute arbitrary OS commands.
Solution
Apply an Update
Apply the appropriate update according to the information provided by the provider.
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Analyzed on 2014.12.02 (CVSS Base Metrics)
Measures | Severity | | | Description |
---|---|---|---|---|
Access Vector(AV) | Local (L) | Adjacent Network (A) | Network (N) | A vulnerability exploitable with only local access requires the attacker to have either physical access to the vulnerable system or a local (shell) account. |
Access Complexity(AC) | High (H) | Medium (M) | Low (L) | Specialized access conditions exist. |
Authentication(Au) | Multiple (M) | Single (S) | None (N) | Authentication is not required to exploit the vulnerability. |
Confidentiality Impact(C) | None (N) | Partial (P) | Complete (C) | There is total information disclosure, resulting in all system files being revealed. |
Integrity Impact(I) | None (N) | Partial (P) | Complete (C) | There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised. |
Availability Impact(A) | None (N) | Partial (P) | Complete (C) | There is a total shutdown of the affected resource. |
Base Score: 6.2
Comment
This analysis was performed under the assumption that physical access to the device is necessary.
Credit
Masaaki Chida of GREE, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
JPCERT Alert | |
JPCERT Reports | |
CERT Advisory | |
CPNI Advisory | |
TRnotes | |
CVE | CVE-2014-7253 |
JVN iPedia | JVNDB-2014-000138 |