ID

VAR-201510-0742


TITLE

Voice over LTE implementations contain multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#943167

DESCRIPTION

Long Term Evolution (LTE) communication networks for mobile terminals have spread around the world in recent years. LTE networks carry all communication over IP, using a packet-switched system instead of the circuit-switched system used before. This change in method allows attacks that were not possible in the past. At present, some LTE network and mobile application implementations have multiple issues that can lead to privacy violations, unauthorized charges, and spoofing.

Current LTE networks use packet switching instead of the circuit switching of the previous generation. The use of packet switching and IP protocols, especially the Session Initiation Protocol (SIP), allows new types of attack techniques that were not possible with previous generations. These attack techniques are well known in the security world; see, for example, past attacks against Voice over IP (VoIP). Security researchers investigating several LTE networks discovered the following vulnerabilities. LTE network implementations vary from carrier to carrier, and not all of these vulnerabilities exist on every LTE network.

Improper access rights to sensitive information (CWE-732)
The Android OS permission model does not match the way LTE networks are used. An application that lacks the CALL_PHONE permission and holds only the INTERNET permission can make a call by sending SIP/IP packets, and the user is not notified. If such calls are made continuously, this could lead to excessive billing and denial of service (DoS).
CWE-732: Incorrect Permission Assignment for Critical Resource http://cwe.mitre.org/data/definitions/732.html
Apple reports that iOS is not affected by this issue.

Improper access control (CWE-284)
In some networks, two mobile phones can establish a session directly with each other (peer to peer) and communicate outside the control of the SIP server. These communications are not charged by the provider. Such communications could be used for spoofing phone numbers or for video calls over free data.
CWE-284: Improper Access Control http://cwe.mitre.org/data/definitions/284.html

Insufficient authentication (CWE-287)
In some networks, SIP messages are not properly authenticated. This can lead to spoofing of phone numbers.
CWE-287: Improper Authentication http://cwe.mitre.org/data/definitions/287.html

Session fixation (CWE-384)
In some networks, a user is not limited to one voice session and can establish multiple SIP sessions. As a result, a denial-of-service (DoS) attack on the network is possible. Attackers can also use this to establish peer-to-peer communication.
CWE-384: Session Fixation http://cwe.mitre.org/data/definitions/384.html

Each provider's LTE network implementation may be affected by one or more of these issues. For more information, refer to the paper by Kim and co-authors presented at ACM CCS 2015, "Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-Implementations".
ACM CCS 2015 http://www.sigsac.org/ccs/CCS2015/pro_paper.html
Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-Implementations http://dl.acm.org/citation.cfm?id=2813718

An attacker using the network could establish peer-to-peer communication to obtain data from other terminals or spoof a telephone number. Also, malicious Android applications may make calls without the terminal user's knowledge.

1. Authentication bypass vulnerability 2. Security bypass vulnerability 3. Session fixation vulnerability. Attackers can use these vulnerabilities to gain unauthorized access, bypass authentication mechanisms, inject arbitrary sessions, or gain access to sensitive information.

Multiple security-bypass vulnerabilities 3

Trust: 2.79

sources: CERT/CC: VU#943167 // JVNDB: JVNDB-2015-005381 // CNVD: CNVD-2015-07638 // CNNVD: CNNVD-201511-070 // BID: 77409

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-07638

AFFECTED PRODUCTS

vendor: google, model: -, scope: -, version: -

Trust: 0.8

vendor: multiple vendors, model: -, scope: -, version: -

Trust: 0.8

vendor: 3gpp, model: long term evolution, scope: -, version: -

Trust: 0.6

vendor: long, model: term evolution long term evolution, scope: eq, version: 0

Trust: 0.3

vendor: google, model: android, scope: eq, version: 0

Trust: 0.3

sources: CERT/CC: VU#943167 // CNVD: CNVD-2015-07638 // BID: 77409 // JVNDB: JVNDB-2015-005381

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA: JVNDB-2015-005381
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-07638
value: MEDIUM

Trust: 0.6

IPA: JVNDB-2015-005381
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2015-07638
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2015-07638 // JVNDB: JVNDB-2015-005381

PROBLEMTYPE DATA

problemtype:CWE-Other

Trust: 0.8

problemtype:CWE-287

Trust: 0.8

sources: JVNDB: JVNDB-2015-005381

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201511-070

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201511-070

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005381

EXTERNAL IDS

db: CERT/CC, id: VU#943167

Trust: 1.9

db: BID, id: 77409

Trust: 1.5

db: JVN, id: JVNVU93463833

Trust: 0.8

db: JVNDB, id: JVNDB-2015-005381

Trust: 0.8

db: CNVD, id: CNVD-2015-07638

Trust: 0.6

db: CNNVD, id: CNNVD-201511-070

Trust: 0.6

sources: CERT/CC: VU#943167 // CNVD: CNVD-2015-07638 // BID: 77409 // JVNDB: JVNDB-2015-005381 // CNNVD: CNNVD-201511-070

REFERENCES

url:http://dl.acm.org/citation.cfm?id=2813718

Trust: 1.6

url:http://www.sigsac.org/ccs/ccs2015/pro_paper.html

Trust: 1.6

url:http://www.securityfocus.com/bid/77409

Trust: 1.2

url:http://www.kb.cert.org/vuls/id/943167

Trust: 1.1

url:https://sslab.gtisc.gatech.edu/pages/publications.html#/

Trust: 0.8

url:http://jvn.jp/vu/jvnvu93463833/

Trust: 0.8

url:https://sslab.gtisc.gatech.edu/pages/publications.html#kim:volte

Trust: 0.8

url:http://www.3gpp.org/technologies/keywords-acronyms/98-lte

Trust: 0.3

sources: CERT/CC: VU#943167 // CNVD: CNVD-2015-07638 // BID: 77409 // JVNDB: JVNDB-2015-005381 // CNNVD: CNNVD-201511-070

CREDITS

Hongil Kim, Dongkwan Kim, Minhee Kwon, Hyungseok Han, Yeongjin Jang, Dongsu Han, Taesoo Kim, and Yongdae Kim

Trust: 0.9

sources: BID: 77409 // CNNVD: CNNVD-201511-070

SOURCES

db: CERT/CC, id: VU#943167
db: CNVD, id: CNVD-2015-07638
db: BID, id: 77409
db: JVNDB, id: JVNDB-2015-005381
db: CNNVD, id: CNNVD-201511-070

LAST UPDATE DATE

2022-05-17T01:45:19.913000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#943167, date: 2015-10-20T00:00:00
db: CNVD, id: CNVD-2015-07638, date: 2015-11-18T00:00:00
db: BID, id: 77409, date: 2015-10-20T00:00:00
db: JVNDB, id: JVNDB-2015-005381, date: 2015-10-21T00:00:00
db: CNNVD, id: CNNVD-201511-070, date: 2015-11-05T00:00:00

SOURCES RELEASE DATE

db: CERT/CC, id: VU#943167, date: 2015-10-16T00:00:00
db: CNVD, id: CNVD-2015-07638, date: 2015-11-18T00:00:00
db: BID, id: 77409, date: 2015-10-20T00:00:00
db: JVNDB, id: JVNDB-2015-005381, date: 2015-10-21T00:00:00
db: CNNVD, id: CNNVD-201511-070, date: 2015-10-20T00:00:00