CVE-2018-15004

{"id": "CVE-2018-15004", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2018-12-28T21:29:00.900", "references": [{"url": "https://www.kryptowire.com/portal/android-firmware-defcon-2018/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "The Coolpad Canvas device with a build fingerprint of Coolpad/cp3636a/cp3636a:7.0/NRD90M/093031423:user/release-keys contains a platform app with a package name of com.qualcomm.qti.modemtestmode (versionCode=24, versionName=7.0) that contains an exported service app component named com.qualcomm.qti.modemtestmode.MbnTestService that allows any app on the device to set certain system properties as the com.android.phone user. When an app sets the persist.service.logr.enable system property to a value of 1, an app with a package name of com.yulong.logredirect (versionCode=20160622, versionName=5.25_20160622_01) will start writing the system-wide logcat log, kernel log, and a tcpdump network traffic capture to external storage. Furthermore, on the Coolpad Canvas device, the com.android.phone app writes the destination phone number and body of the text message for outgoing text messages. A notification when logging can be avoided if the log is enabled after device startup and disabled prior to device shutdown by setting the system properties using the exported interface of the com.qualcomm.qti.modemtestmode app. Any app with the READ_EXTERNAL_STORAGE permission can access the log files."}, {"lang": "es", "value": "El dispositivo Coolpad Canvas con una huella digital de Coolpad/cp3636a/cp3636a:7.0/NRD90M/093031423:user/release-keys contiene una app de plataforma con un nombre de paquete com.qualcomm.qti.modemtestmode (versionCode=24, versionName=7.0) que contiene un componente de app de servicio exportado llamado com.qualcomm.qti.modemtestmode.MbnTestService que permite que cualquier app del dispositivo establezca ciertas propiedades del sistema como el usuario com.android.phone. Cuando una app establece la propiedad del sistema persist.service.logr.enable con un valor de 1, una app con un nombre de paquete com.yulong.logredirect (versionCode=20160622, versionName=5.25_20160622_01) comenzar\u00e1 a escribir el registro del sistema logcat, el registro del kernel y la captura de tr\u00e1fico de red tcpdump en el almacenamiento externo. Adem\u00e1s, en el dispositivo Coolpad Canvas, la app com.android.phone escribe el n\u00famero de tel\u00e9fono de destino y el cuerpo del mensaje de texto para los mensajes de texto salientes. Se puede evitar una notificaci\u00f3n al registrar si el registro est\u00e1 habilitado tras el arranque del dispositivo y se deshabilita antes de apagarlo estableciendo las propiedades del sistema mediante la interfaz exportada de la app com.qualcomm.qti.modemtestmode. Cualquier app con el permiso READ_EXTERNAL_STORAGE puede acceder a los archivos de registro."}], "lastModified": "2019-02-07T17:34:43.057", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:coolpad:canvas_firmware:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D74BC097-CE81-4C08-B519-C4D3D1BA8FD3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:coolpad:canvas:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5A93A3B7-A7FC-49B4-A2A2-2DA9CE5D8365"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}