CVE-2019-18800

{"id": "CVE-2019-18800", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2019-11-06T16:15:10.993", "references": [{"url": "https://thesamarkand.tumblr.com/post/188785277609/viber-messenger-remote-account-reset-0day", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://thesamarkand.tumblr.com/post/188785277609/viber-messenger-remote-account-reset-0day", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-311"}, {"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "Viber through 11.7.0.5 allows a remote attacker who can capture a victim's internet traffic to steal their Viber account, because not all Viber protocol traffic is encrypted. TCP data packet 9 on port 4244 from the victim's device contains cleartext information such as the device model and OS version, IMSI, and 20 bytes of udid in a binary format, which is located at offset 0x14 of this packet. Then, the attacker installs Viber on his device, initiates the registration process for any phone number, but doesn't enter a pin from SMS. Instead, he closes Viber. Next, the attacker rewrites his udid with the victim's udid, modifying the viber_udid file, which is located in the Viber preferences folder. (The udid is stored in a hexadecimal format.) Finally, the attacker starts Viber again and enters the pin from SMS."}, {"lang": "es", "value": "Viber hasta la versi\u00f3n 11.7.0.5 permite a un atacante remoto que puede capturar el tr\u00e1fico de Internet de una v\u00edctima robar su cuenta de Viber, porque no todo el tr\u00e1fico del protocolo de Viber est\u00e1 encriptado. El paquete de datos TCP 9 en el puerto 4244 del dispositivo de la v\u00edctima contiene informaci\u00f3n de texto claro, como el modelo del dispositivo y la versi\u00f3n del sistema operativo, IMSI, y 20 bytes de udid en formato binario, que se encuentra en el desplazamiento 0x14 de este paquete. Luego, el atacante instala Viber en su dispositivo, inicia el proceso de registro para cualquier n\u00famero de tel\u00e9fono, pero no ingresa un pin de SMS. En cambio, cierra Viber. Luego, el atacante reescribe su udid con el udid de la v\u00edctima, modificando el archivo viber_udid, que se encuentra en la carpeta de preferencias de Viber. (El udid se almacena en un formato hexadecimal). Finalmente, el atacante inicia Viber nuevamente e ingresa el pin desde SMS."}], "lastModified": "2024-11-21T04:33:35.593", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rakuten:viber:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "3EA36533-3061-435D-B434-24A56B1833C8", "versionEndIncluding": "11.7.0.5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}