CVE-2008-2235


OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.


Published

2008-08-01T14:41:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.9 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:C/A:N

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: COMPLETE
  • Availability Impact: NONE

Exploitability Score

3.9

Impact Score

6.9

Weaknesses

  • CWE-310 (Type: Primary)

Affected Vendors & Products

Type | Vendor | Product | Version/Range | Vulnerable?
Operating System | siemens | cardos | m4 | No
Application | opensc-project | opensc | 0.3.2 | Yes
Application | opensc-project | opensc | 0.3.5 | Yes
Application | opensc-project | opensc | 0.4.0 | Yes
Application | opensc-project | opensc | 0.6.0 | Yes
Application | opensc-project | opensc | 0.6.1 | Yes
Application | opensc-project | opensc | 0.7.0 | Yes
Application | opensc-project | opensc | 0.8 | Yes
Application | opensc-project | opensc | 0.8.0.0 | Yes
Application | opensc-project | opensc | 0.8.1 | Yes
Application | opensc-project | opensc | 0.9 | Yes
Application | opensc-project | opensc | 0.9.6 | Yes
Application | opensc-project | opensc | 0.9.7 | Yes
Application | opensc-project | opensc | 0.9.7 | Yes
Application | opensc-project | opensc | 0.9.7 | Yes
Application | opensc-project | opensc | 0.9.8 | Yes
Application | opensc-project | opensc | 0.11.0 | Yes
Application | opensc-project | opensc | 0.11.1 | Yes
Application | opensc-project | opensc | 0.11.2 | Yes
Application | opensc-project | opensc | 0.11.3 | Yes
Application | opensc-project | opensc | 0.11.3 | Yes
Application | opensc-project | opensc | 0.11.4 | Yes