Vulnerability Details : CVE-2015-3843
The SIM Toolkit (STK) framework in Android before 5.1.1 LMY48I allows attackers to (1) intercept or (2) emulate unspecified Telephony STK SIM commands via an application that sends a crafted Intent, related to com/android/internal/telephony/cat/AppInterface.java, aka internal bug 21697171.
Published
2015-10-01 00:59:23
Updated
2015-10-01 18:03:20
Products affected by CVE-2015-3843
- cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-3843
0.49%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 64 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-3843
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2015-3843
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-3843
-
https://android.googlesource.com/platform/frameworks/opt/telephony/+/b48581401259439dc5ef6dcf8b0f303e4cbefbe9
b48581401259439dc5ef6dcf8b0f303e4cbefbe9 - platform/frameworks/opt/telephony - Git at Google
-
https://android.googlesource.com/platform/frameworks/base/+/a5e904e7eb3aaec532de83ca52e24af18e0496b4
a5e904e7eb3aaec532de83ca52e24af18e0496b4 - platform/frameworks/base - Git at Google
-
https://android.googlesource.com/platform/packages/apps/Stk/+/1d8e00160c07ae308e5b460214eb2a425b93ccf7
1d8e00160c07ae308e5b460214eb2a425b93ccf7 - platform/packages/apps/Stk - Git at Google
-
https://android.googlesource.com/platform/packages/services/Telephony/+/fcb1d13c320dd1a6350bc7af3166929b4d54a456
fcb1d13c320dd1a6350bc7af3166929b4d54a456 - platform/packages/services/Telephony - Git at Google
-
https://groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ
Jump to