[Japanese]

JVNDB-2014-000138

OS command injection vulnerability in multiple FUJITSU Android devices

Overview

Multiple FUJITSU Android devices contain an OS command injection vulnerability.

Masaaki Chida of GREE, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 6.2 (Medium) [IPA Score]
  • Access Vector: Local
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete
Affected Products

Multiple products are affected. For more information, refer to the information provided by the provider.

(Multiple Venders)
  • (Multiple Products)

Impact

An attacker with local access may obtain root privileges and execute arbitrary OS commands.
Solution

[Apply an Update]
Apply the appropriate update according to the information provided by the provider.
Vendor Information

NTT DOCOMO, INC.
CWE (What is CWE?)

  1. OS Command Injection(CWE-78) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2014-7253
References

  1. JVN : JVN#06302787
  2. National Vulnerability Database (NVD) : CVE-2014-7253
Revision History

  • [2014/12/02]
      Web page was published
    [2014/12/09]
      References : Content was added

Date Public2014/12/02
Date First Published2014/12/02
Date Last Updated2014/12/09