Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-0368 — Opensc vulnerability

CWE-3108 documents8 sources

Severity

2.1LOWNVD

EPSS

0.4%

top 41.62%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Opensc Project Opensc Opensc-project Opensc

Timeline

PublishedMar 2

Latest updateMay 2

Description

OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶Debianopensc_project/opensc< 0.11.7-1+3

▶NVDopensc-project/opensc0.11.6+27

Patches

Patch: openwall.com ↗Patch: www.securityfocus.com ↗Patch: openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-q2pp-hq8h-7mm3: OpenSC before 0↗2022-05-02

▶

CVEList

CVE-2009-0368: OpenSC before 0↗2009-03-02

▶

OSV

CVE-2009-0368: OpenSC before 0↗2009-03-02

▶

💥Exploits & PoCs

Exploit-DB

OpenSC 0.11.x - PKCS#11 Implementation Unauthorized Access↗2009-02-26

▶

📋Vendor Advisories

Debian

CVE-2009-0368: opensc - OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PI...↗2009

▶

Red Hat

opensc: insufficient access restrictions on private data↗

▶

💬Community

Bugzilla

CVE-2009-0368 opensc: insufficient access restrictions on private data↗2009-02-27

▶