CVE-2011-0640

Severity Score

6.9

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The default configuration of udev on Linux does not warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer.

La configuración por defecto de udev en Linux no avisa al usuario antes de activar la funcionalidad Human Interface Device (HID) sobre USB, lo que permite a atacantes remotos asistidos por el usuario ejecutar programas de su elección a través de datos USB manipulados, como se demostró con datos enviados por teclado y ratón por malware sobre un smartphone que el usuario conectaba con el ordenador.

*Credits: N/A

CVSS Scores

NISTv2 6.9

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2011-01-24 CVE Reserved
2011-01-25 CVE Published
2024-09-16 CVE Updated
2024-09-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (3)

URL	Tag	Source
http://news.cnet.com/8301-27080_3-20028919-245.html	Broken Link
http://www.blackhat.com/html/bh-dc-11/bh-dc-11-briefings.html#Stavrou	Not Applicable
http://www.cs.gmu.edu/~astavrou/publications.html	Broken Link

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Udev Project Search vendor "Udev Project"		Udev Search vendor "Udev Project" for product "Udev"				-		-		Affected