Details of VAR-201603-0023

ID

VAR-201603-0023

CVE

CVE-2016-0818

TITLE

Android of Conscrypt of TrustManagerImpl.java of TrustManagerImpl Vulnerability impersonating server in class

Trust: 0.8

sources: JVNDB: JVNDB-2016-001795

DESCRIPTION

The caching functionality in the TrustManagerImpl class in TrustManagerImpl.java in Conscrypt in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 mishandles the distinction between an intermediate CA and a trusted root CA, which allows man-in-the-middle attackers to spoof servers by leveraging access to an intermediate CA to issue a certificate, aka internal bug 26232830. Vendors have confirmed this vulnerability Bug 26232830 It is released as. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) ,and CWE-345: Insufficient Verification of Data Authenticity ( Inadequate verification of data reliability ) Has been identified. http://cwe.mitre.org/data/definitions/254.html http://cwe.mitre.org/data/definitions/345.htmlMan-in-the-middle attacks (man-in-the-middle attack) By the middle CA There is a possibility of impersonating a server by using access to and issuing a certificate. GoogleNexus is a series of smart devices based on the Android operating system developed by Google Inc. of the United States, including mobile phones and tablets. The smart device is powered by Google and licensed to partner hardware vendors for manufacturing. There is a security vulnerability in Concrypt, a version of GoogleNexusBuildsLMY49H. A remote attacker can exploit a vulnerability to implement a man-in-the-middle attack, gain access, or execute arbitrary code

Trust: 2.25

sources: NVD: CVE-2016-0818 // JVNDB: JVNDB-2016-001795 // CNVD: CNVD-2016-01547 // VULMON: CVE-2016-0818

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-01547

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	4.4.1	Trust: 1.6
vendor:	google	model:	android	scope:	eq	version:	4.2	Trust: 1.6
vendor:	google	model:	android	scope:	eq	version:	4.2.1	Trust: 1.6
vendor:	google	model:	android	scope:	eq	version:	4.4	Trust: 1.6
vendor:	google	model:	android	scope:	eq	version:	4.3.1	Trust: 1.6
vendor:	google	model:	android	scope:	eq	version:	4.1.2	Trust: 1.6
vendor:	google	model:	android	scope:	eq	version:	4.4.3	Trust: 1.6
vendor:	google	model:	android	scope:	eq	version:	4.4.2	Trust: 1.6
vendor:	google	model:	android	scope:	eq	version:	4.2.2	Trust: 1.6
vendor:	google	model:	android	scope:	eq	version:	4.3	Trust: 1.6
vendor:	google	model:	android	scope:	eq	version:	6.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	4.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	5.0.1	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	5.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	5.1.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	4.1	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	4.0.2	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	4.0.1	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	5.1.1	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	4.0.4	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	5.1	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	6.0.1	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	5.0.2	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	4.0.3	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	5.1.1 lmy49h	Trust: 0.8
vendor:	google	model:	android	scope:	lt	version:	5.x	Trust: 0.8
vendor:	google	model:	android	scope:	lt	version:	2016-03-01 earlier 6.x	Trust: 0.8
vendor:	google	model:	android	scope:	eq	version:	4.4.4	Trust: 0.8
vendor:	google	model:	android	scope:	lt	version:	4.x	Trust: 0.8
vendor:	google	model:	nexus lmy49h	scope:	lt	version:	-	Trust: 0.6

sources: CNVD: CNVD-2016-01547 // JVNDB: JVNDB-2016-001795 // CNNVD: CNNVD-201603-090 // NVD: CVE-2016-0818

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-0818
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-0818
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2016-01547
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201603-090
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2016-0818
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-0818
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2016-01547
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2016-0818
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.0
Trust: 1.0

sources: CNVD: CNVD-2016-01547 // VULMON: CVE-2016-0818 // JVNDB: JVNDB-2016-001795 // CNNVD: CNNVD-201603-090 // NVD: CVE-2016-0818

PROBLEMTYPE DATA

problemtype:	CWE-254	Trust: 1.0
problemtype:	CWE-345	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2016-001795 // NVD: CVE-2016-0818

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201603-090

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201603-090

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001795

PATCH

title:	Prevent duplicate certificates in TrustedCertificateIndex	url:	https://android.googlesource.com/platform/external/conscrypt/+/4c9f9c2201116acf790fca25af43995d29980ee0	Trust: 0.8
title:	Cache intermediate CA separately	url:	https://android.googlesource.com/platform/external/conscrypt/+/c4ab1b959280413fb11bf4fd7f6b4c2ba38bd779	Trust: 0.8
title:	Nexus Security Bulletin - March 2016	url:	http://source.android.com/security/bulletin/2016-03-01.html	Trust: 0.8
title:	Patch for GoogleNexusConscrypt man-in-the-middle attack vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/72459	Trust: 0.6
title:	Android Conscrypt Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60450	Trust: 0.6
title:	Android Security Bulletins: Nexus Security Bulletin - March 2016	url:	https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=bdec4bc902496de72a50f4fbaa9a726a	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/google-fixes-critical-android-mediaserver-bugs-again/116614/	Trust: 0.1

sources: CNVD: CNVD-2016-01547 // VULMON: CVE-2016-0818 // JVNDB: JVNDB-2016-001795 // CNNVD: CNNVD-201603-090

EXTERNAL IDS

db:	NVD	id:	CVE-2016-0818	Trust: 3.1
db:	SECUNIA	id:	69391	Trust: 1.2
db:	BID	id:	84245	Trust: 1.1
db:	JVNDB	id:	JVNDB-2016-001795	Trust: 0.8
db:	CNVD	id:	CNVD-2016-01547	Trust: 0.6
db:	CNNVD	id:	CNNVD-201603-090	Trust: 0.6
db:	VULMON	id:	CVE-2016-0818	Trust: 0.1

sources: CNVD: CNVD-2016-01547 // VULMON: CVE-2016-0818 // JVNDB: JVNDB-2016-001795 // CNNVD: CNNVD-201603-090 // NVD: CVE-2016-0818

REFERENCES

url:	http://source.android.com/security/bulletin/2016-03-01.html	Trust: 2.4
url:	https://android.googlesource.com/platform/external/conscrypt/+/4c9f9c2201116acf790fca25af43995d29980ee0	Trust: 1.7
url:	https://android.googlesource.com/platform/external/conscrypt/+/c4ab1b959280413fb11bf4fd7f6b4c2ba38bd779	Trust: 1.7
url:	http://secunia.com/advisories/69391	Trust: 1.2
url:	http://www.securityfocus.com/bid/84245	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0818	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0818	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/345.html	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/254.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/google-fixes-critical-android-mediaserver-bugs-again/116614/	Trust: 0.1

sources: CNVD: CNVD-2016-01547 // VULMON: CVE-2016-0818 // JVNDB: JVNDB-2016-001795 // CNNVD: CNNVD-201603-090 // NVD: CVE-2016-0818

SOURCES

db:	CNVD	id:	CNVD-2016-01547
db:	VULMON	id:	CVE-2016-0818
db:	JVNDB	id:	JVNDB-2016-001795
db:	CNNVD	id:	CNNVD-201603-090
db:	NVD	id:	CVE-2016-0818

LAST UPDATE DATE

2025-04-13T22:39:57.492000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-01547	date:	2016-03-10T00:00:00
db:	VULMON	id:	CVE-2016-0818	date:	2016-11-28T00:00:00
db:	JVNDB	id:	JVNDB-2016-001795	date:	2016-03-22T00:00:00
db:	CNNVD	id:	CNNVD-201603-090	date:	2016-03-14T00:00:00
db:	NVD	id:	CVE-2016-0818	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-01547	date:	2016-03-10T00:00:00
db:	VULMON	id:	CVE-2016-0818	date:	2016-03-12T00:00:00
db:	JVNDB	id:	JVNDB-2016-001795	date:	2016-03-22T00:00:00
db:	CNNVD	id:	CNNVD-201603-090	date:	2016-03-09T00:00:00
db:	NVD	id:	CVE-2016-0818	date:	2016-03-12T21:59:02.807