Strix
26.1K

CVE-2009-0368

UnknownEPSS 1.21%

Last modified

CVE-2009-0368 is a vulnerability of currently unknown severity. OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program.. EPSS estimates a 1.21% chance of exploitation in the next 30 days.

Description

OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program.

Metrics

EPSS Probability
1.21%

64.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
Opensc-ProjectOpensc<= 0.11.6
Opensc-ProjectOpensc0.3.2
Opensc-ProjectOpensc0.3.5
Opensc-ProjectOpensc0.4.0
Opensc-ProjectOpensc0.5.0
Opensc-ProjectOpensc0.6.0
Opensc-ProjectOpensc0.6.1
Opensc-ProjectOpensc0.7.0
Opensc-ProjectOpensc0.8
Opensc-ProjectOpensc0.8.0
Opensc-ProjectOpensc0.8.0.0
Opensc-ProjectOpensc0.8.1
Opensc-ProjectOpensc0.9
Opensc-ProjectOpensc0.9.2
Opensc-ProjectOpensc0.9.3
Opensc-ProjectOpensc0.9.4
Opensc-ProjectOpensc0.9.5
Opensc-ProjectOpensc0.9.6
Opensc-ProjectOpensc0.9.7
Opensc-ProjectOpensc0.9.8
Opensc-ProjectOpensc0.10.0
Opensc-ProjectOpensc0.10.1
Opensc-ProjectOpensc0.11.0
Opensc-ProjectOpensc0.11.1
Opensc-ProjectOpensc0.11.2
Opensc-ProjectOpensc0.11.3
Opensc-ProjectOpensc0.11.4
Opensc-ProjectOpensc0.11.5

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2009-0368?
OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program.
How severe is CVE-2009-0368?
Severity scoring for CVE-2009-0368 is pending analysis. The EPSS model estimates a 1.21% probability of exploitation in the next 30 days.
How do I fix CVE-2009-0368?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2009-0368?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST