CVE-2018-14979

{"id": "CVE-2018-14979", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.0}]}, "published": "2018-12-28T21:29:00.247", "references": [{"url": "https://www.kryptowire.com/portal/android-firmware-defcon-2018/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed app with a package name of com.asus.loguploader (versionCode=1570000275, versionName=7.0.0.55_170515). This app contains an exported service app component named com.asus.loguploader.LogUploaderService that, when accessed with a particular action string, will write a bugreport (kernel log, logcat log, and the state of system services including the text of active notifications), Wi-Fi Passwords, and other system data to external storage (sdcard). Any app with the READ_EXTERNAL_STORAGE permission on this device can read this data from the sdcard after it has been dumped there by the com.asus.loguploader. Third-party apps are not allowed to directly create a bugreport or access the user's stored wireless network credentials."}, {"lang": "es", "value": "El dispositivo Android ASUS ZenFone 3 Max con una huella digital asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contiene una aplicaci\u00f3n preinstalada, cuyo paquete se denomina com.asus.loguploader (versionCode=1570000275, versionName=7.0.0.55_170515). Esta app contiene un componente de app de servicio exportada llamado com.asus.loguploader.LogUploaderService que, al accederse a \u00e9l con una cadena de acci\u00f3n determinada, escribir\u00e1 un informe de errores (registro del kernel, registro logcat y el estado de los servicios del sistema, incluyendo el texto de las notificaciones activas), las contrase\u00f1as de wifi y otros datos del sistema en el almacenamiento externo (tarjeta SD). Cualquier app con el permiso READ_EXTERNAL_STORAGE en este dispositivo puede leer estos datos desde la tarjeta SD una vez han sido volcados ah\u00ed por com.asus.loguploader. Las aplicaciones de terceros no pueden crear directamente un informe de errores o acceder a las credenciales de red inal\u00e1mbrica almacenadas del usuario."}], "lastModified": "2019-02-22T20:31:55.640", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:zenfone_3_max_firmware:7.0.0.55:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BB90244-C5CD-4C14-B5D5-F1774A1CDA58"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:zenfone_3_max:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "58204F0A-17BA-45BD-BCC1-E15CBB54D96D"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}