CVE-2024-41999

Smart-tab Android app installed April 2023 or earlier contains an active debug code vulnerability. If this vulnerability is exploited, an attacker with physical access to the device may exploit the debug function to gain access to the OS functions, escalate the privilege, change the device's settings, or spoof devices in other rooms.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/en/jp/JVN42445661/
https://tsc-soft.co.jp/smart-tab/

Configurations

No configuration.

History

30 Sep 2024, 12:45

Type	Values Removed	Values Added
Summary		(es) La aplicación Smart-tab para Android instalada en abril de 2023 o antes contiene una vulnerabilidad de código de depuración activa. Si se aprovecha esta vulnerabilidad, un atacante con acceso físico al dispositivo puede aprovechar la función de depuración para obtener acceso a las funciones del sistema operativo, aumentar los privilegios, cambiar la configuración del dispositivo o falsificar dispositivos en otras habitaciones.

30 Sep 2024, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-30 08:15

Updated : 2024-09-30 17:35

NVD link : CVE-2024-41999

Mitre link : CVE-2024-41999

CVE.ORG link : CVE-2024-41999

JSON object : View

Products Affected

No product.

CWE

CWE-489

Active Debug Code

{"id": "CVE-2024-41999", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "vultures@jpcert.or.jp", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}], "cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2024-09-30T08:15:03.210", "references": [{"url": "https://jvn.jp/en/jp/JVN42445661/", "source": "vultures@jpcert.or.jp"}, {"url": "https://tsc-soft.co.jp/smart-tab/", "source": "vultures@jpcert.or.jp"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "vultures@jpcert.or.jp", "description": [{"lang": "en", "value": "CWE-489"}]}], "descriptions": [{"lang": "en", "value": "Smart-tab Android app installed April 2023 or earlier contains an active debug code vulnerability. If this vulnerability is exploited, an attacker with physical access to the device may exploit the debug function to gain access to the OS functions, escalate the privilege, change the device's settings, or spoof devices in other rooms."}, {"lang": "es", "value": "La aplicaci\u00f3n Smart-tab para Android instalada en abril de 2023 o antes contiene una vulnerabilidad de c\u00f3digo de depuraci\u00f3n activa. Si se aprovecha esta vulnerabilidad, un atacante con acceso f\u00edsico al dispositivo puede aprovechar la funci\u00f3n de depuraci\u00f3n para obtener acceso a las funciones del sistema operativo, aumentar los privilegios, cambiar la configuraci\u00f3n del dispositivo o falsificar dispositivos en otras habitaciones."}], "lastModified": "2024-09-30T17:35:09.340", "sourceIdentifier": "vultures@jpcert.or.jp"}