Vulnerability Name:

CVE-2015-4640 (CCN-103900)

Assigned:2015-06-16
Published:2015-06-16
Updated:2016-12-07
Summary:The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attackers to write to language-pack files by modifying an HTTP response.
Note: CVE-2015-4640 exploitation can be combined with CVE-2015-4641 exploitation for man-in-the-middle code execution.
CVSS v3 Severity:6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
Exploitability Metrics:Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
CVSS v2 Severity:2.9 Low (CVSS v2 Vector: AV:A/AC:M/Au:N/C:N/I:P/A:N)
2.1 Low (Temporal CVSS v2 Vector: AV:A/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Adjacent_Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
5.7 Medium (CCN CVSS v2 Vector: AV:A/AC:M/Au:N/C:N/I:C/A:N)
4.2 Medium (CCN Temporal CVSS v2 Vector: AV:A/AC:M/Au:N/C:N/I:C/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Adjacent_Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Complete
Availibility (A): None
Vulnerability Type:CWE-254
Vulnerability Consequences:Bypass Security
References:Source: CCN
Type: Ars Technica Web site
New exploit turns Samsung Galaxy phones into remote bugging devices

Source: MISC
Type: Exploit
http://arstechnica.com/security/2015/06/new-exploit-turns-samsung-galaxy-phones-into-remote-bugging-devices/

Source: MITRE
Type: CNA
CVE-2015-4640

Source: CCN
Type: Computerworld Web site
Vulnerability in Samsung Galaxy phones put over 600 million Samsung phone users at risk

Source: CCN
Type: US-CERT VU#155412
Samsung Galaxy S phones fail to properly validate Swiftkey language pack updates

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#155412

Source: CCN
Type: Samsung Web site
Galaxy S

Source: BID
Type: UNKNOWN
75347

Source: XF
Type: UNKNOWN
samsung-galaxy-cve20154640-sec-bypass(103900)

Source: MISC
Type: Exploit
https://github.com/nowsecure/samsung-ime-rce-poc/

Source: MISC
Type: Exploit
https://www.nowsecure.com/blog/2015/06/16/remote-code-execution-as-system-user-on-samsung-phones/

Source: MISC
Type: Exploit
https://www.nowsecure.com/keyboard-vulnerability/

Vulnerable Configuration:Configuration 1:
  • cpe:/a:swiftkey:swiftkey_sdk:*:*:*:*:*:*:*:*
  • AND
  • cpe:/h:samsung:galaxy_s4:*:*:*:*:*:*:*:*
  • OR cpe:/h:samsung:galaxy_s4_mini:*:*:*:*:*:*:*:*
  • OR cpe:/h:samsung:galaxy_s5:*:*:*:*:*:*:*:*
  • OR cpe:/h:samsung:galaxy_s6:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/h:samsung:galaxy_s4:*:*:*:*:*:*:*:*
  • OR cpe:/h:samsung:galaxy_s5:*:*:*:*:*:*:*:*
  • OR cpe:/h:samsung:galaxy_s6:*:*:*:*:*:*:*:*
  • OR cpe:/h:samsung:galaxy_s4_mini:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    swiftkey swiftkey sdk *
    samsung galaxy s4 *
    samsung galaxy s4 mini *
    samsung galaxy s5 *
    samsung galaxy s6 *
    samsung galaxy s4 *
    samsung galaxy s5 *
    samsung galaxy s6 *
    samsung galaxy s4 mini *