Sign-up

ID

VAR-201103-0349


CVE

CVE-2011-1472


TITLE

Nokia E75 Firmware Lock Code Authentication Bypass Vulnerability

Trust: 0.9

sources: BID: 47022 // CNNVD: CNNVD-201103-339

DESCRIPTION

The Nokia E75 phone with firmware before 211.12.01 allows physically proximate attackers to bypass the Device Lock code by entering an unspecified button sequence at boot time. Nokia E72 is prone to an authentication-bypass vulnerability. Nokia E75 is a smartphone launched by Nokia Corporation. ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Nokia E75 Lock Code Bypass Vulnerability SECUNIA ADVISORY ID: SA43827 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43827/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43827 RELEASE DATE: 2011-03-24 DISCUSS ADVISORY: http://secunia.com/advisories/43827/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43827/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43827 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Nokia E75, which can be exploited by malicious people with physical access to bypass certain security restrictions. The vulnerability is reported in firmware prior to 211.12.01. SOLUTION: Update to firmware 211.12.01 or later. PROVIDED AND/OR DISCOVERED BY: Markus Heikkil\xe4, Nixu Oy via CERT-FI. ORIGINAL ADVISORY: http://www.cert.fi/en/reports/2011/vulnerability410355.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2011-1472 // JVNDB: JVNDB-2011-004398 // BID: 47022 // VULHUB: VHN-49417 // PACKETSTORM: 99708

AFFECTED PRODUCTS

vendor:nokiamodel:e75scope: - version: -

Trust: 1.6

vendor:nokiamodel:e75scope:eqversion:210.12.15

Trust: 1.6

vendor:nokiamodel:e75scope:eqversion:*

Trust: 1.0

vendor:nokiamodel:e75scope:lteversion:211.12

Trust: 1.0

vendor:nokiamodel:e75scope:eqversion:211.12

Trust: 0.6

vendor:nokiamodel:e75scope:eqversion:0

Trust: 0.3

vendor:nokiamodel:e75scope:neversion:211.12.01

Trust: 0.3

sources: BID: 47022 // JVNDB: JVNDB-2011-004398 // CNNVD: CNNVD-201103-339 // NVD: CVE-2011-1472

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-1472
value: HIGH

Trust: 1.0

NVD: CVE-2011-1472
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201103-339
value: HIGH

Trust: 0.6

VULHUB: VHN-49417
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2011-1472
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-49417
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-49417 // JVNDB: JVNDB-2011-004398 // CNNVD: CNNVD-201103-339 // NVD: CVE-2011-1472

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-49417 // JVNDB: JVNDB-2011-004398 // NVD: CVE-2011-1472

THREAT TYPE

local

Trust: 0.9

sources: BID: 47022 // CNNVD: CNNVD-201103-339

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201103-339

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2011-004398

PATCH
title:Nokia E75 supporturl:http://europe.nokia.com/support/product-support/nokia-e75
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2011-004398

EXTERNAL IDS
db:NVDid:CVE-2011-1472
Trust: 2.8
db:BIDid:47022
Trust: 2.0
db:SECUNIAid:43827
Trust: 1.8
db:JVNDBid:JVNDB-2011-004398
Trust: 0.8
db:CNNVDid:CNNVD-201103-339
Trust: 0.7
db:NSFOCUSid:16628
Trust: 0.6
db:VULHUBid:VHN-49417
Trust: 0.1
db:PACKETSTORMid:99708
Trust: 0.1
sources:
            
            
            VULHUB: VHN-49417 // 
            
            
            
            BID: 47022 // 
            
            
            
            JVNDB: JVNDB-2011-004398 // 
            
            
            
            PACKETSTORM: 99708 // 
            
            
            
            CNNVD: CNNVD-201103-339 // 
            
            
            
            NVD: CVE-2011-1472

REFERENCES
url:http://www.cert.fi/en/reports/2011/vulnerability410355.html
Trust: 2.1
url:http://www.securityfocus.com/bid/47022
Trust: 1.7
url:http://secunia.com/advisories/43827
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/66322
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1472
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1472
Trust: 0.8
url:http://www.nsfocus.net/vulndb/16628
Trust: 0.6
url:http://www.nokia.com
Trust: 0.3
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=43827
Trust: 0.1
url:http://secunia.com/advisories/43827/#comments
Trust: 0.1
url:http://secunia.com/products/corporate/evm/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:http://secunia.com/company/events/mms_2011/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/43827/
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-49417 // 
            
            
            
            BID: 47022 // 
            
            
            
            JVNDB: JVNDB-2011-004398 // 
            
            
            
            PACKETSTORM: 99708 // 
            
            
            
            CNNVD: CNNVD-201103-339 // 
            
            
            
            NVD: CVE-2011-1472

CREDITS
Markus Heikkilä, Nixu Oy
Trust: 0.3
sources:
            
            
            BID: 47022

SOURCES
db:VULHUBid:VHN-49417
db:BIDid:47022
db:JVNDBid:JVNDB-2011-004398
db:PACKETSTORMid:99708
db:CNNVDid:CNNVD-201103-339
db:NVDid:CVE-2011-1472

LAST UPDATE DATE
2025-04-11T23:16:48.120000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-49417date:2017-08-17T00:00:00
db:BIDid:47022date:2011-03-24T00:00:00
db:JVNDBid:JVNDB-2011-004398date:2012-03-27T00:00:00
db:CNNVDid:CNNVD-201103-339date:2011-04-02T00:00:00
db:NVDid:CVE-2011-1472date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-49417date:2011-03-29T00:00:00
db:BIDid:47022date:2011-03-24T00:00:00
db:JVNDBid:JVNDB-2011-004398date:2012-03-27T00:00:00
db:PACKETSTORMid:99708date:2011-03-24T02:15:06
db:CNNVDid:CNNVD-201103-339date:2011-03-30T00:00:00
db:NVDid:CVE-2011-1472date:2011-03-29T18:55:02.410