Details of VAR-201601-0687

ID

VAR-201601-0687

CVE

CVE-2015-6841

TITLE

Silent Circle Blackphone Security Bypass Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2016-00379 // CNNVD: CNNVD-201601-286

DESCRIPTION

SilentCircleBlackphone is a smartphone with privacy protection. SilentCircleBlackphone has a security vulnerability that allows an attacker to exploit the vulnerability to bypass security restrictions and perform unauthorized operations. Silent Circle Blackphone is prone to a security-bypass vulnerability. Successful exploits may lead to other attacks

Trust: 0.81

sources: CNVD: CNVD-2016-00379 // BID: 80023

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-00379

AFFECTED PRODUCTS

vendor:	silent	model:	circle blackphone	scope:	-	version:	-	Trust: 0.6
vendor:	silent	model:	circle blackphone	scope:	eq	version:	1	Trust: 0.3
vendor:	silent	model:	circle blackphone rc3	scope:	ne	version:	1.1.13	Trust: 0.3

sources: CNVD: CNVD-2016-00379 // BID: 80023

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2016-00379
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2016-00379
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2016-00379

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-286

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201601-286

PATCH

title:

SilentCircleBlackphone security bypass vulnerability patch

url:

https://www.cnvd.org.cn/patchinfo/show/70260

Trust: 0.6

sources: CNVD: CNVD-2016-00379

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6841	Trust: 1.5
db:	BID	id:	80023	Trust: 1.5
db:	CNVD	id:	CNVD-2016-00379	Trust: 0.6
db:	CNNVD	id:	CNNVD-201601-286	Trust: 0.6

sources: CNVD: CNVD-2016-00379 // BID: 80023 // CNNVD: CNNVD-201601-286

REFERENCES

url:	http://www.securityfocus.com/bid/80023	Trust: 1.2
url:	https://www.silentcircle.com/products-and-solutions/devices/	Trust: 0.3
url:	https://www.sentinelone.com/blog/vulnerability-in-blackphone-puts-devices-at-risk-for-takeover/	Trust: 0.3

sources: CNVD: CNVD-2016-00379 // BID: 80023 // CNNVD: CNNVD-201601-286

CREDITS

Caleb Fenton, Jacob Soo and Jon Sawyer of Red Naga.

Trust: 0.9

sources: BID: 80023 // CNNVD: CNNVD-201601-286

SOURCES

db:	CNVD	id:	CNVD-2016-00379
db:	BID	id:	80023
db:	CNNVD	id:	CNNVD-201601-286

LAST UPDATE DATE

2022-05-04T10:27:05.486000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-00379	date:	2016-01-20T00:00:00
db:	BID	id:	80023	date:	2016-01-06T00:00:00
db:	CNNVD	id:	CNNVD-201601-286	date:	2016-01-15T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-00379	date:	2016-01-20T00:00:00
db:	BID	id:	80023	date:	2016-01-06T00:00:00
db:	CNNVD	id:	CNNVD-201601-286	date:	2016-01-15T00:00:00