Vulnerability Name:

CVE-2011-3975 (CCN-70270)

Assigned: 2011-10-02
Published: 2011-10-02
Updated: 2017-08-29
Summary: A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote attackers to obtain a list of telephone numbers from a log, and other sensitive information, by leveraging the android.permission.INTERNET application permission and establishing TCP sessions to 127.0.0.1 on port 65511 and a second port.
CVSS v3 Severity: 7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)
2.1 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:UR)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
7.1 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N)
5.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N/E:U/RL:U/RC:UR)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): None
Availability (A): None
Vulnerability Type: CWE-200
Vulnerability Consequences: Obtain Information
References: Source: MITRE
Type: CNA
CVE-2011-3975

Source: MISC
Type: UNKNOWN
http://news.cnet.com/8301-1035_3-20114556-94/

Source: CCN
Type: Android Police
Massive Security Vulnerability In HTC Android Devices (EVO 3D, 4G, Thunderbolt, Others) Exposes Phone Numbers, GPS, SMS, Emails Addresses, Much More

Source: MISC
Type: UNKNOWN
http://www.androidpolice.com/2011/10/01/massive-security-vulnerability-in-htc-android-devices-evo-3d-4g-thunderbolt-others-exposes-phone-numbers-gps-sms-emails-addresses-much-more/

Source: CCN
Type: HTC Web site
HTC

Source: CCN
Type: OSVDB ID: 76804
Android Multiple HTC Devices Sense Interface HtcLoggers.apk Application android.permission.INTERNET Weakness Remote Information Disclosure

Source: BID
Type: UNKNOWN
49916

Source: CCN
Type: BID-49916
Multiple HTC devices 'HtcLoggers.apk' Application Information Disclosure Vulnerability

Source: MISC
Type: UNKNOWN
http://www.thetechherald.com/article.php/201140/7676/HTC-looking-into-vulnerability-reports

Source: CCN
Type: ZDNet
Major security hole claimed in some HTC Android smartphones

Source: XF
Type: UNKNOWN
htc-htcloggers-info-disclosure(70270)

Vulnerable Configuration: Configuration 1:
  • cpe:/o:google:android:2.3.4:*:*:*:*:*:*:*
  • AND
  • cpe:/h:htc:evo_3d:*:*:*:*:*:*:*:*
  • OR cpe:/h:htc:evo_4g:*:*:*:*:*:*:*:*
  • OR cpe:/h:htc:thunderbolt:*:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/h:htc:evo_view_4g:-:*:*:*:*:*:*:*
  • OR cpe:/h:htc:thunderbolt:*:*:*:*:*:*:*:*
  • OR cpe:/h:htc:evo_4g:*:*:*:*:*:*:*:*
  • OR cpe:/h:htc:evo_3d:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    google android 2.3.4
    htc evo 3d *
    htc evo 4g *
    htc thunderbolt *
    htc evo view 4g -
    htc thunderbolt *
    htc evo 4g *
    htc evo 3d *