CVE-2015-7888 - OpenCVE

Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named cred.zip, and downloaded to /sdcard/Download.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Complete

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:C/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Samsung	Galaxy S6 Edge Firmware Galaxy S6 Edge

Configuration 1 [-]

AND

cpe:2.3:o:samsung:galaxy_s6_edge_firmware:g925vvru1aoe2:*:*:*:*:*:*:*

cpe:2.3:h:samsung:galaxy_s6_edge:-:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/134104/Samsung-WifiHs20UtilityService-Path-Traversal.html	Third Party Advisory
http://www.securityfocus.com/bid/77338	Third Party Advisory VDB Entry
https://bugs.chromium.org/p/project-zero/issues/detail?id=489&q=samsung&redir=1	Issue Tracking Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-06-07T14:00:00

Updated: 2017-08-15T11:57:01

Reserved: 2015-10-22T00:00:00

Link: CVE-2015-7888

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-06-07T14:29:00.353

Modified: 2017-06-14T14:49:36.967

Link: CVE-2015-7888

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-07-29T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named cred.zip, and downloaded to /sdcard/Download."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-15T11:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "77338", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/77338"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/134104/Samsung-WifiHs20UtilityService-Path-Traversal.html"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=489&q=samsung&redir=1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-7888", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named cred.zip, and downloaded to /sdcard/Download."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "77338", "refsource": "BID", "url": "http://www.securityfocus.com/bid/77338"}, {"name": "http://packetstormsecurity.com/files/134104/Samsung-WifiHs20UtilityService-Path-Traversal.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/134104/Samsung-WifiHs20UtilityService-Path-Traversal.html"}, {"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=489&q=samsung&redir=1", "refsource": "MISC", "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=489&q=samsung&redir=1"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-7888", "datePublished": "2017-06-07T14:00:00", "dateReserved": "2015-10-22T00:00:00", "dateUpdated": "2017-08-15T11:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:samsung:galaxy_s6_edge_firmware:g925vvru1aoe2:*:*:*:*:*:*:*", "matchCriteriaId": "54149730-A95F-4F6F-8EE6-D74A08359347", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:samsung:galaxy_s6_edge:-:*:*:*:*:*:*:*", "matchCriteriaId": "64C60E27-871F-4B77-87A5-9F9F20DCA2D3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named cred.zip, and downloaded to /sdcard/Download."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en WifiHs20UtilityService en el Samsung S6 Edge LRX22G.G925VVRU1AOE2, permite a atacantes remotos sobrescribir o crear archivos arbitrarios como un usuario a nivel de sistema a trav\u00e9s de .. (punto punto) en un archivo comprimido en Cred.zip, y descargado en /sdcard/Download."}], "id": "CVE-2015-7888", "lastModified": "2017-06-14T14:49:36.967", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-06-07T14:29:00.353", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://packetstormsecurity.com/files/134104/Samsung-WifiHs20UtilityService-Path-Traversal.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/77338"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=489&q=samsung&redir=1"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}