Vulnerability Details: CVE-2008-3972
pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235.
Products affected by CVE-2008-3972
- cpe:2.3:a:opensc-project:opensc:*:*:*:*:*:*:*:*
- cpe:2.3:a:opensc-project:opensc:0.11.2:*:*:*:*:*:*:*
- cpe:2.3:a:opensc-project:opensc:0.11.3:*:*:*:*:*:*:*
- cpe:2.3:a:opensc-project:opensc:0.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:opensc-project:opensc:0.11.3:pre3:*:*:*:*:*:*
- cpe:2.3:a:opensc-project:opensc:0.11.4:*:*:*:*:*:*:*
- cpe:2.3:a:opensc-project:opensc:0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:opensc-project:opensc:0.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:opensc-project:opensc:0.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:opensc-project:opensc:0.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:opensc-project:opensc:0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:opensc-project:opensc:0.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:opensc-project:opensc:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:opensc-project:opensc:0.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:opensc-project:opensc:0.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:opensc-project:opensc:0.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:opensc-project:opensc:0.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:opensc-project:opensc:0.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:opensc-project:opensc:0.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:opensc-project:opensc:0.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:opensc-project:opensc:0.9.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-3972
- EPSS score: 0.06% (probability of exploitation activity in the next 30 days)
- Percentile: ~25% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2008-3972
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.6 | MEDIUM | AV:L/AC:L/Au:N/C:N/I:C/A:C | 3.9 | 9.2 | NIST | |
CWE ids for CVE-2008-3972
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-3972
- http://www.openwall.com/lists/oss-security/2008/09/09/14 (oss-security - Re: opensc 0.11.6 with fixed security update)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45045 (OpenSC pkcs15-tool weak security CVE-2008-3972 Vulnerability Report)
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html ([SECURITY] Fedora 9 Update: opensc-0.11.7-1.fc9)
- http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html ([security-announce] SUSE Security Summary Report: SUSE-SR:2008:019 - openSUSE Security Announce - openSUSE Mailing Lists)
- http://www.opensc-project.org/pipermail/opensc-announce/2008-August/000021.html