Remote Command Execution Vulnerability in Nokia Affix Bluetooth Client
CVE-2005-2277

Currently unrated

Key Information:

Vendor: Nokia
Status: Affix
Vendor: CVE Published:; 15 July 2005

What is CVE-2005-2277?

The Bluetooth FTP client in Nokia Affix versions 2.1.2 and 3.2.0 is susceptible to a remote command execution vulnerability. By manipulating the filename argument in a PUT command, an attacker can inject shell metacharacters, leading to arbitrary command execution on the vulnerable system. This flaw exposes the device to potential unauthorized actions, making it crucial for users to update their systems and apply relevant patches to safeguard against exploitation.

References

http://affix.sourceforge.net/affix_212_sec.patch

x_refsource_CONFIRM

http://www.securityfocus.com/bid/14232

vdb-entryx_refsource_BID

http://www.digitalmunition.com/DMA%5B2005-0712b%5D.txt

x_refsource_MISC

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 15, 2005
Vulnerability Reserved
Jul 15, 2005