Strix
26.1K

CVE-2013-2599

UnknownEPSS 0.77%

Last modified

CVE-2013-2599 is a vulnerability of currently unknown severity. A certain Qualcomm Innovation Center (QuIC) patch to the NativeDaemonConnector class in services/java/com/android/server/NativeDaemonConnector.java in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.3.x enables debug logging, which allows attackers to obtain sensitive disk-encryption passwords via a logcat call.. EPSS estimates a 0.77% chance of exploitation in the next 30 days.

Description

A certain Qualcomm Innovation Center (QuIC) patch to the NativeDaemonConnector class in services/java/com/android/server/NativeDaemonConnector.java in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.3.x enables debug logging, which allows attackers to obtain sensitive disk-encryption passwords via a logcat call.

Metrics

EPSS Probability
0.77%

50.9th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersionsUpdate
CodeauroraAndroid-Msm3.2.54
CodeauroraAndroid-Msm3.2.55
CodeauroraAndroid-Msm3.2.56
CodeauroraAndroid-Msm3.2.57
CodeauroraAndroid-Msm3.2.58
CodeauroraAndroid-Msm3.2.59
CodeauroraAndroid-Msm3.2.60
CodeauroraAndroid-Msm3.2.61
CodeauroraAndroid-Msm3.2.62
CodeauroraAndroid-Msm3.4.72
CodeauroraAndroid-Msm3.4.73
CodeauroraAndroid-Msm3.4.74
CodeauroraAndroid-Msm3.4.75
CodeauroraAndroid-Msm3.4.76
CodeauroraAndroid-Msm3.4.77
CodeauroraAndroid-Msm3.4.78
CodeauroraAndroid-Msm3.4.79
CodeauroraAndroid-Msm3.4.80
CodeauroraAndroid-Msm3.4.81
CodeauroraAndroid-Msm3.4.82
CodeauroraAndroid-Msm3.4.83
CodeauroraAndroid-Msm3.4.84
CodeauroraAndroid-Msm3.4.85
CodeauroraAndroid-Msm3.4.86
CodeauroraAndroid-Msm3.4.87
CodeauroraAndroid-Msm3.4.88
CodeauroraAndroid-Msm3.4.89
CodeauroraAndroid-Msm3.4.90
CodeauroraAndroid-Msm3.4.91
CodeauroraAndroid-Msm3.4.92
CodeauroraAndroid-Msm3.4.93
CodeauroraAndroid-Msm3.4.94
CodeauroraAndroid-Msm3.4.95
CodeauroraAndroid-Msm3.4.96
CodeauroraAndroid-Msm3.4.97
CodeauroraAndroid-Msm3.4.98
CodeauroraAndroid-Msm3.4.99
CodeauroraAndroid-Msm3.4.100
CodeauroraAndroid-Msm3.4.101
CodeauroraAndroid-Msm3.4.102
CodeauroraAndroid-Msm3.4.103
CodeauroraAndroid-Msm3.10
CodeauroraAndroid-Msm3.10.22
CodeauroraAndroid-Msm3.10.23
CodeauroraAndroid-Msm3.10.24
CodeauroraAndroid-Msm3.10.25
CodeauroraAndroid-Msm3.10.26
CodeauroraAndroid-Msm3.10.27
CodeauroraAndroid-Msm3.10.28
CodeauroraAndroid-Msm3.10.29

Showing 50 of 140 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2013-2599?
A certain Qualcomm Innovation Center (QuIC) patch to the NativeDaemonConnector class in services/java/com/android/server/NativeDaemonConnector.java in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.3.x enables debug logging, which allows attackers to obtain sensitive disk-encryption passwords via a logcat call.
How severe is CVE-2013-2599?
Severity scoring for CVE-2013-2599 is pending analysis. The EPSS model estimates a 0.77% probability of exploitation in the next 30 days.
How do I fix CVE-2013-2599?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2013-2599?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST