CVE Details for CVE: CVE-2015-4640
Summary
The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attackers to write to language-pack files by modifying an HTTP response. NOTE: CVE-2015-4640 exploitation can be combined with CVE-2015-4641 exploitation for man-in-the-middle code execution.
| Timestamps | |
|---|---|
| Last major update | 07-12-2016 - 18:13 |
| Published | 19-06-2015 - 14:59 |
| Last modified | 07-12-2016 - 18:13 |
References
- https://github.com/nowsecure/samsung-ime-rce-poc/
- http://arstechnica.com/security/2015/06/new-exploit-turns-samsung-galaxy-phones-into-remote-bugging-devices/
- https://www.nowsecure.com/keyboard-vulnerability/
- https://www.nowsecure.com/blog/2015/06/16/remote-code-execution-as-system-user-on-samsung-phones/
- http://www.kb.cert.org/vuls/id/155412
- http://www.securityfocus.com/bid/75347
Vulnerable Configurations
-
cpe:2.3:a:swiftkey:swiftkey_sdk:*:*:*:*:*:*:*:*
cpe:2.3:a:swiftkey:swiftkey_sdk:*:*:*:*:*:*:*:*
-
cpe:2.3:h:samsung:galaxy_s4:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:galaxy_s4:*:*:*:*:*:*:*:*
-
cpe:2.3:h:samsung:galaxy_s4_mini:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:galaxy_s4_mini:*:*:*:*:*:*:*:*
-
cpe:2.3:h:samsung:galaxy_s5:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:galaxy_s5:*:*:*:*:*:*:*:*
-
cpe:2.3:h:samsung:galaxy_s6:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:galaxy_s6:*:*:*:*:*:*:*:*
CWE
CVSS
Base
2.9
Impact
2.9
Exploitability
5.5
Access
| Vector | Complexity | Authentication |
|---|---|---|
| ADJACENT_NETWORK | MEDIUM | NONE |
Impact
| Confidentiality | Integrity | Availability |
|---|---|---|
| NONE | PARTIAL | NONE |
CVSS3
None
VIA4 references
cvss-vector
via4
refmap
via4