CVE-2012-2217

Severity: Unknown | EPSS: 2.06%

CVE-2012-2217 is a vulnerability of currently unknown severity. The HTC IQRD service for Android on the HTC EVO 4G before 4.67.651.3, EVO Design 4G before 2.12.651.5, Shift 4G before 2.77.651.3, EVO 3D before 2.17.651.5, EVO View 4G before 2.23.651.1, Vivid before 3.26.502.56, and Hero does not restrict localhost access to TCP port 2479, which allows remote attackers to (1) send SMS messages, (2) obtain the Network Access Identifier (NAI) and its password, or trigger (3) popup messages or (4) tones via a crafted application that leverages the android.permission.INTERNET permission. EPSS estimates a 2.06% chance of exploitation in the next 30 days.

Description

The HTC IQRD service for Android on the HTC EVO 4G before 4.67.651.3, EVO Design 4G before 2.12.651.5, Shift 4G before 2.77.651.3, EVO 3D before 2.17.651.5, EVO View 4G before 2.23.651.1, Vivid before 3.26.502.56, and Hero does not restrict localhost access to TCP port 2479, which allows remote attackers to (1) send SMS messages, (2) obtain the Network Access Identifier (NAI) and its password, or trigger (3) popup messages or (4) tones via a crafted application that leverages the android.permission.INTERNET permission.

Metrics

EPSS Probability: 2.06% (78.8th percentile)

Probability of exploitation in the next 30 days.

Affected Software

| Vendor | Product | Versions |
|---|---|---|
| Htc | Evo 4g Software | <= 4.54.651.1 |
| Htc | Evo 4g Software | 1.32.651.1 |
| Htc | Evo 4g Software | 1.47.651.1 |
| Htc | Evo 4g Software | 3.26.651.6 |
| Htc | Evo 4g Software | 3.29.651.5 |
| Htc | Evo 4g Software | 3.30.651.2 |
| Htc | Evo 4g Software | 3.30.651.3 |
| Htc | Evo 4g Software | 3.70.651.1 |
| Htc | Evo 4g Software | 4.22.651.2 |
| Htc | Evo 4g Software | 4.24.651.1 |
| Htc | Evo 4g Software | 4.53.651.1 |
| Htc | Evo 4g | All versions |
| Htc | Evo 4g | gri40 |
| Htc | Evo Design 4g Software | <= 1.19.651.1 |
| Htc | Evo Design 4g Software | 1.19.651.0 |
| Htc | Evo Design 4g | All versions |
| Htc | Shift 4g Software | <= 2.76.651.6 |
| Htc | Shift 4g Software | 1.17.651.1 |
| Htc | Shift 4g Software | 2.75.651.4 |
| Htc | Shift 4g Software | 2.75.651.5 |
| Htc | Shift 4g | All versions |
| Htc | Evo 3d Software | <= 2.08.651.3 |
| Htc | Evo 3d Software | 1.11.651.3 |
| Htc | Evo 3d Software | 1.13.651.7 |
| Htc | Evo 3d Software | 2.08.651.2 |
| Htc | Evo 3d | All versions |
| Htc | Evo 3d | gri40 |
| Htc | Evo View 4g Software | <= 1.22.651.2 |
| Htc | Evo View 4g Software | 1.22.651.1 |
| Htc | Evo View 4g | All versions |
| Htc | Vivid Software | <= 3.26.502 |
| Htc | Vivid | All versions |
| Htc | Hero Software | 1.29.651.1 |
| Htc | Hero Software | 1.56.651.2 |
| Htc | Hero Software | 2.27.651.5 |
| Htc | Hero Software | 2.27.651.6 |
| Htc | Hero Software | 2.31.651.7 |
| Htc | Hero Software | 2.32.651.2 |
| Htc | Hero | All versions |

References

Timeline

Status: Modified

Frequently Asked Questions

How severe is CVE-2012-2217?
Severity scoring for CVE-2012-2217 is pending analysis. The EPSS model estimates a 2.06% probability of exploitation in the next 30 days.
How do I fix CVE-2012-2217?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST