Detections
Analytics
Google Android Operating System < 4.4.4 Multiple Vulnerabilities
low Nessus Network Monitor Plugin ID 8328
Synopsis
The remote device is affected by multiple vulnerabilities.Description
Google Android Operating System prior to 4.4.4 is affected by the following vulnerabilities:- There is a DoS vulnerability within the NFC service's bluetooth simple pairing message implementation. A physically present attacker can leverage this to crash the NFC service.
- Flaws within the com.android.phone.Phone and com.android.contacts components can be leveraged to initiate phone calls to arbitrary numbers. (CVE-2013-6272)
Solution
Upgrade to Google Android Operating System version 4.4.4 or later.See Also
http://seclists.org/bugtraq/2014/Jul/35
http://packetstormsecurity.com/files/127405/Android-NFC-Denial-Of-Service.html
http://thehackernews.com/2014/07/android-vulnerability-allows.html
https://blog.curesec.com/article/blog/35.html
http://www.itworld.com/security/426032/android-bug-lets-apps-make-rogue-phone-calls
http://packetstormsecurity.com/files/127359/Android-OS-Authorization-Missing.html
Plugin Details
Severity: Low
ID: 8328
Family: Mobile Devices
Published: 7/16/2014
Updated: 3/6/2019
Risk Information
VPR
Risk Factor: High
Score: 8.9
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.4
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS v3
Risk Factor: Low
Base Score: 3.7
Temporal Score: 3.4
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:google:android
Patch Publication Date: 7/9/2014
Vulnerability Publication Date: 7/5/2014
Reference Information
CVE: CVE-2013-6272