CVE-2014-8610

AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or trigger additional per-message charges from a network operator for old messages, via a crafted application that broadcasts an intent with the com.android.mms.transaction.MESSAGE_SENT action, aka Bug 17671795.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
VendorProductVersion
googleandroid
𝑥
≤ 4.4.4
googleandroid
1.0
googleandroid
1.1
googleandroid
1.5
googleandroid
1.6
googleandroid
2.0
googleandroid
2.0.1
googleandroid
2.1
googleandroid
2.2
googleandroid
2.2:rev1
googleandroid
2.2.1
googleandroid
2.2.2
googleandroid
2.2.3
googleandroid
2.3
googleandroid
2.3:rev1
googleandroid
2.3.1
googleandroid
2.3.2
googleandroid
2.3.3
googleandroid
2.3.4
googleandroid
2.3.5
googleandroid
2.3.6
googleandroid
2.3.7
googleandroid
3.0
googleandroid
3.1
googleandroid
3.2
googleandroid
3.2.1
googleandroid
3.2.2
googleandroid
3.2.4
googleandroid
3.2.6
googleandroid
4.0
googleandroid
4.0.1
googleandroid
4.0.2
googleandroid
4.0.3
googleandroid
4.0.4
googleandroid
4.1
googleandroid
4.1.2
googleandroid
4.2
googleandroid
4.2.1
googleandroid
4.2.2
googleandroid
4.3
googleandroid
4.3.1
googleandroid
4.4
googleandroid
4.4.1
googleandroid
4.4.2
googleandroid
4.4.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/129282/Android-SMS-Resend.html
http://seclists.org/fulldisclosure/2014/Dec/8
http://seclists.org/fulldisclosure/2014/Nov/85
http://xteam.baidu.com/?p=164
https://android.googlesource.com/platform/packages/apps/Mms/+/008d6202fca4002a7dfe333f22377faa73585c67
https://github.com/joswr1ght/drozer-modules/blob/master/whfs/smsdraftsend.py
http://packetstormsecurity.com/files/129282/Android-SMS-Resend.html
http://seclists.org/fulldisclosure/2014/Dec/8
http://seclists.org/fulldisclosure/2014/Nov/85
http://xteam.baidu.com/?p=164
https://android.googlesource.com/platform/packages/apps/Mms/+/008d6202fca4002a7dfe333f22377faa73585c67
https://github.com/joswr1ght/drozer-modules/blob/master/whfs/smsdraftsend.py