CVE-2014-0997

Current Description

WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android releases before 5.0.1 and 5.0.2 does not properly handle exceptions, which allows remote attackers to cause a denial of service (reboot) via a crafted 802.11 probe response frame.

Basic Data

PublishedSeptember 26, 2017
Last ModifiedOctober 09, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-19
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score5.0
SeverityMEDIUM
Exploitability Score10.0
Impact Score2.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

CVSS 3 - Version3.0
CVSS 3 - Vector StringCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 3 - Attack VectorNETWORK
CVSS 3 - Attack ComplexityLOW
CVSS 3 - Privileges RequiredNONE
CVSS 3 - User InteractionNONE
CVSS 3 - ScopeUNCHANGED
CVSS 3 - Confidentiality ImpactNONE
CVSS 3 - Integrity ImpactNONE
CVSS 3 - Availability ImpactHIGH
CVSS 3 - Base Score7.5
CVSS 3 - Base SeverityHIGH
Exploitability Score3.9
Base SeverityHIGH

Configurations

  • AND
    • OR - Configuration 1
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3OSGoogleAndroid4.4.4*******
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3HardwareGoogleNexus 4-*******
      2.3HardwareGoogleNexus 5-*******
  • AND
    • OR - Configuration 2
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3OSGoogleAndroid4.2.2*******
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3HardwareLgD806-*******
      2.3HardwareSamsungSm-t310-*******
  • AND
    • OR - Configuration 3
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3OSGoogleAndroid4.1.2*******
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3HardwareMotorolaRazr Hd-*******

Vulnerable Software List

VendorProductVersions
Google Android 4.1.2, 4.2.2, 4.4.4

References

NameSourceURLTags
http://packetstormsecurity.com/files/130107/Android-WiFi-Direct-Denial-Of-Service.htmlhttp://packetstormsecurity.com/files/130107/Android-WiFi-Direct-Denial-Of-Service.htmlMISCExploit Issue Tracking Third Party Advisory VDB Entry
20150126 [CORE-2015-0002] - Android WiFi-Direct Denial of Servicehttp://seclists.org/fulldisclosure/2015/Jan/104FULLDISCExploit Issue Tracking Mailing List Third Party Advisory
20150126 [CORE-2015-0002] - Android WiFi-Direct Denial of Servicehttp://www.securityfocus.com/archive/1/534544/100/0/threadedBUGTRAQ
72311http://www.securityfocus.com/bid/72311BIDThird Party Advisory VDB Entry
https://www.coresecurity.com/advisories/android-wifi-direct-denial-servicehttps://www.coresecurity.com/advisories/android-wifi-direct-denial-serviceMISCExploit Issue Tracking Third Party Advisory
35913https://www.exploit-db.com/exploits/35913/EXPLOIT-DBExploit Issue Tracking Third Party Advisory VDB Entry