CVE-2018-14980

{"id": "CVE-2018-14980", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "published": "2019-04-25T20:29:00.350", "references": [{"url": "https://www.kryptowire.com", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.kryptowire.com/portal/android-firmware-defcon-2018/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains the android framework (i.e., system_server) with a package name of android (versionCode=24, versionName=7.0) that has been modified by ASUS or another entity in the supply chain. The system_server process in the core android package has an exported broadcast receiver that allows any app co-located on the device to programmatically initiate the taking of a screenshot and have the resulting screenshot be written to external storage (i.e., sdcard). The taking of a screenshot is not transparent to the user; the device has a screen animation as the screenshot is taken and there is a notification indicating that a screenshot occurred. If the attacking app also requests the EXPAND_STATUS_BAR permission, it can wake the device up using certain techniques and expand the status bar to take a screenshot of the user's notifications even if the device has an active screen lock. The notifications may contain sensitive data such as text messages used in two-factor authentication. The system_server process that provides this capability cannot be disabled, as it is part of the Android framework. The notification can be removed by a local Denial of Service (DoS) attack to reboot the device."}, {"lang": "es", "value": "El dispositivo Android ASUS ZenFone 3 Max con una huella digital de compilaci\u00f3n de asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys, contiene el framework de Android (es decir, system_server) con un nombre de paquete de android (versionCode=24, versionName=7.0) que ha sido modificado por ASUS u otra entidad en la cadena de suministro. El proceso system_server en el paquete central de Android tiene un receptor de difusi\u00f3n exportado que permite que cualquier aplicaci\u00f3n dentro del dispositivo iniciar la captura de pantalla de manera programada y que la captura de pantalla sea escrita en un almacenamiento externo (es decir, sdcard). La toma de una captura de pantalla no es transparente para el usuario; el dispositivo tiene una animaci\u00f3n de pantalla a medida que se toma la captura de pantalla y se presenta una notificaci\u00f3n indicando que ocurri\u00f3 una captura de pantalla. Si la aplicaci\u00f3n atacante tambi\u00e9n solicita el permiso EXPAND_STATUS_BAR, puede activar el dispositivo usando ciertas t\u00e9cnicas y expandir la barra de estado para tomar una captura de pantalla de las notificaciones del usuario, incluso si el dispositivo tiene un bloqueo de pantalla activo. Las notificaciones pueden contener datos confidenciales, como mensajes de texto usados en la autenticaci\u00f3n de dos factores. El proceso system_server que suministra esta capacidad no se puede desactivar, ya que forma parte del marco de Android. La notificaci\u00f3n puede ser eliminada por un ataque local de Denegaci\u00f3n de Servicio (DoS) para reiniciar el dispositivo."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:zenfone_3_max_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "602E5943-BA00-4EFD-BACE-637A02F8B93B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:zenfone_3_max:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "58204F0A-17BA-45BD-BCC1-E15CBB54D96D"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}