What is the severity of CVE-2014-8610?

CVE-2014-8610 has a medium severity rating due to its potential to allow unauthorized SMS message sending.

How do I fix CVE-2014-8610?

To fix CVE-2014-8610, update your Android device to version 5.0.0 or later, where the SEND_SMS permission is required.

What versions of Android are affected by CVE-2014-8610?

CVE-2014-8610 affects all Android versions prior to 5.0.0.

What can attackers do with CVE-2014-8610?

Attackers can send stored SMS messages and create draft messages without user's consent due to the lack of proper permissions.

Is my device vulnerable if I have an older version of Android?

Yes, if you are using an Android version before 5.0.0, your device is vulnerable to CVE-2014-8610.

Vulnerability/
CVE-2014-8610

low

3.3

CWE

264

15/12/2014

6/8/2024

CVE-2014-8610

First published: Mon Dec 15 2014(Updated: )

AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or trigger additional per-message charges from a network operator for old messages, via a crafted application that broadcasts an intent with the com.android.mms.transaction.MESSAGE_SENT action, aka Bug 17671795.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Google Android	<=4.4.4
Google Android	=1.0
Google Android	=1.1
Google Android	=1.5
Google Android	=1.6
Google Android	=2.0
Google Android	=2.0.1
Google Android	=2.1
Google Android	=2.2
Google Android	=2.2-rev1
Google Android	=2.2.1
Google Android	=2.2.2
Google Android	=2.2.3
Google Android	=2.3
Google Android	=2.3-rev1
Google Android	=2.3.1
Google Android	=2.3.2
Google Android	=2.3.3
Google Android	=2.3.4
Google Android	=2.3.5
Google Android	=2.3.6
Google Android	=2.3.7
Google Android	=3.0
Google Android	=3.1
Google Android	=3.2
Google Android	=3.2.1
Google Android	=3.2.2
Google Android	=3.2.4
Google Android	=3.2.6
Google Android	=4.0
Google Android	=4.0.1
Google Android	=4.0.2
Google Android	=4.0.3
Google Android	=4.0.4
Google Android	=4.1
Google Android	=4.1.2
Google Android	=4.2
Google Android	=4.2.1
Google Android	=4.2.2
Google Android	=4.3
Google Android	=4.3.1
Google Android	=4.4
Google Android	=4.4.1
Google Android	=4.4.2
Google Android	=4.4.3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-8610?
CVE-2014-8610 has a medium severity rating due to its potential to allow unauthorized SMS message sending.
How do I fix CVE-2014-8610?
To fix CVE-2014-8610, update your Android device to version 5.0.0 or later, where the SEND_SMS permission is required.
What versions of Android are affected by CVE-2014-8610?
CVE-2014-8610 affects all Android versions prior to 5.0.0.
What can attackers do with CVE-2014-8610?
Attackers can send stored SMS messages and create draft messages without user's consent due to the lack of proper permissions.
Is my device vulnerable if I have an older version of Android?
Yes, if you are using an Android version before 5.0.0, your device is vulnerable to CVE-2014-8610.

agent/references
agent/type
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
agent/description
agent/severity
agent/weakness
agent/author
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/tags
agent/first-publish-date
agent/source
vendor/google
canonical/google android
version/google android/4.4.4
version/google android/1.0
version/google android/1.1
version/google android/1.5
version/google android/1.6
version/google android/2.0
version/google android/2.0.1
version/google android/2.1
version/google android/2.2
version/google android/2.2-rev1
version/google android/2.2.1
version/google android/2.2.2
version/google android/2.2.3
version/google android/2.3
version/google android/2.3-rev1
version/google android/2.3.1
version/google android/2.3.2
version/google android/2.3.3
version/google android/2.3.4
version/google android/2.3.5
version/google android/2.3.6
version/google android/2.3.7
version/google android/3.0
version/google android/3.1
version/google android/3.2
version/google android/3.2.1
version/google android/3.2.2
version/google android/3.2.4
version/google android/3.2.6
version/google android/4.0
version/google android/4.0.1
version/google android/4.0.2
version/google android/4.0.3
version/google android/4.0.4
version/google android/4.1
version/google android/4.1.2
version/google android/4.2
version/google android/4.2.1
version/google android/4.2.2
version/google android/4.3
version/google android/4.3.1
version/google android/4.4
version/google android/4.4.1
version/google android/4.4.2
version/google android/4.4.3

Frequently Asked Questions

What is the severity of CVE-2014-8610?
CVE-2014-8610 has a medium severity rating due to its potential to allow unauthorized SMS message sending.
How do I fix CVE-2014-8610?
To fix CVE-2014-8610, update your Android device to version 5.0.0 or later, where the SEND_SMS permission is required.
What versions of Android are affected by CVE-2014-8610?
CVE-2014-8610 affects all Android versions prior to 5.0.0.
What can attackers do with CVE-2014-8610?
Attackers can send stored SMS messages and create draft messages without user's consent due to the lack of proper permissions.
Is my device vulnerable if I have an older version of Android?
Yes, if you are using an Android version before 5.0.0, your device is vulnerable to CVE-2014-8610.

CVE-2014-8610

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-8610?

How do I fix CVE-2014-8610?

What versions of Android are affected by CVE-2014-8610?

What can attackers do with CVE-2014-8610?

Is my device vulnerable if I have an older version of Android?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2014-8610?

How do I fix CVE-2014-8610?

What versions of Android are affected by CVE-2014-8610?

What can attackers do with CVE-2014-8610?

Is my device vulnerable if I have an older version of Android?