{"containers": {"cna": {"affected": [{"product": "Android", "vendor": "n/a", "versions": [{"status": "affected", "version": "Android SoC"}]}], "descriptions": [{"lang": "en", "value": "ismsEx service is a vendor service in unisoc equipment\u3002ismsEx service is an extension of sms system service\uff0cbut it does not check the permissions of the caller\uff0cresulting in permission leaks\u3002Third-party apps can use this service to arbitrarily modify and set system properties\u3002Product: AndroidVersions: Android SoCAndroid ID: A-207479207"}], "problemTypes": [{"descriptions": [{"description": "Elevation of privilege", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-02-11T17:40:47.000Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://source.android.com/security/bulletin/2022-02-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@android.com", "ID": "CVE-2021-39658", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Android", "version": {"version_data": [{"version_value": "Android SoC"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "ismsEx service is a vendor service in unisoc equipment\u3002ismsEx service is an extension of sms system service\uff0cbut it does not check the permissions of the caller\uff0cresulting in permission leaks\u3002Third-party apps can use this service to arbitrarily modify and set system properties\u3002Product: AndroidVersions: Android SoCAndroid ID: A-207479207"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Elevation of privilege"}]}]}, "references": {"reference_data": [{"name": "https://source.android.com/security/bulletin/2022-02-01", "refsource": "MISC", "url": "https://source.android.com/security/bulletin/2022-02-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T02:13:37.704Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://source.android.com/security/bulletin/2022-02-01"}]}]}, "cveMetadata": {"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2021-39658", "datePublished": "2022-02-11T17:40:47.000Z", "dateReserved": "2021-08-23T00:00:00.000Z", "dateUpdated": "2024-08-04T02:13:37.704Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "ismsEx service is a vendor service in unisoc equipment\u3002ismsEx service is an extension of sms system service\uff0cbut it does not check the permissions of the caller\uff0cresulting in permission leaks\u3002Third-party apps can use this service to arbitrarily modify and set system properties\u3002Product: AndroidVersions: Android SoCAndroid ID: A-207479207"}, {"lang": "es", "value": "El servicio ismsEx es un servicio de proveedor en equipos unisoc... el servicio ismsEx es una extensi\u00f3n del servicio de sistema sms... pero no comprueba los permisos de la persona que llama... resultando en un filtrado de permisos... Las aplicaciones de terceros pueden usar este servicio para modificar y establecer arbitrariamente las propiedades del sistema... Producto: Android, Versiones: Android SoC, ID de Android: A-207479207"}], "id": "CVE-2021-39658", "lastModified": "2024-11-21T06:19:54.393", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-02-11T18:15:10.060", "references": [{"source": "security@android.com", "tags": ["Vendor Advisory"], "url": "https://source.android.com/security/bulletin/2022-02-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://source.android.com/security/bulletin/2022-02-01"}], "sourceIdentifier": "security@android.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}