CVE-2008-2235
opensc - smart card vulnerability
EPSS 0.07%
Description
OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.
How to fix CVE-2008-2235
To remediate CVE-2008-2235, upgrade the affected package to one of the fixed versions listed below.
- Debian/opensc: upgrade to 0.11.4-4 or later
- Debian/opensc: upgrade to 0.11.1-2etch2 or later
Is CVE-2008-2235 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/opensc: from 0, < 0.11.4-4
- Debian/opensc: from 0, < 0.11.1-2etch2