CVE-2018-14991

{"id": "CVE-2018-14991", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-04-25T20:29:00.770", "references": [{"url": "https://www.kryptowire.com", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.kryptowire.com/portal/android-firmware-defcon-2018/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The Coolpad Defiant device with a build fingerprint of Coolpad/cp3632a/cp3632a:7.1.1/NMF26F/099480857:user/release-keys, the ZTE ZMAX Pro with a build fingerprint of ZTE/P895T20/urd:6.0.1/MMB29M/20170418.114928:user/release-keys, and the T-Mobile Revvl Plus with a build fingerprint of Coolpad/alchemy/alchemy:7.1.1/143.14.171129.3701A-TMO/buildf_nj_02-206:user/release-keys all contain a vulnerable, pre-installed Rich Communication Services (RCS) app. These devices contain an that app has a package name of com.suntek.mway.rcs.app.service (versionCode=1, versionName=RCS_sdk_M_native_20161008_01; versionCode=1, versionName=RCS_sdk_M_native_20170406_01) with an exported content provider named com.suntek.mway.rcs.app.service.provider.message.MessageProvider and a refactored version of the app with a package name of com.rcs.gsma.na.sdk (versionCode=1, versionName=RCS_SDK_20170804_01) with a content provider named com.rcs.gsma.na.provider.message.MessageProvider allow any app co-located on the device to read, write, insert, and modify the user's text messages. This is enabled by an exported content provider app component that serves as a wrapper to the official content provider that contains the user's text messages. This app cannot be disabled by the user and the attack can be performed by a zero-permission app."}, {"lang": "es", "value": "El dispositivo Coolpad Defiant con una huella digital de compilaci\u00f3n de Coolpad/cp3632a/cp3632a:7.1.1/NMF26F/099480857:user/release-keys, el ZTE ZMAX Pro con una huella digital de compilaci\u00f3n de ZTE/P895T20/urd:6.0.1/MMB29M/20170418.114928:user/release-keys, y T-Mobile Revvl Plus con una huella digital de compilaci\u00f3n de Coolpad/alchemy/alchemy:7.1.1/143.14.171129.3701A-TMO/buildf_nj_02-206:user/release-keys, todos contienen una vulnerabilidad , aplicaci\u00f3n preinstalada Rich Communication Services (RCS). Estos dispositivos contienen una aplicaci\u00f3n que tiene un nombre de paquete com.suntek.mway.rcs.app.service (versionCode=1, versionName=RCS_sdk_M_native_20161008_01; versionCode=1, versionName=RCS_sdk_M_native_20170406_01) con un proveedor de contenido exportado con el nombre com.sorkka .rcs.app.service.provider.message.MessageProvider y una versi\u00f3n refactorizada de la aplicaci\u00f3n con un nombre de paquete com.rcs.gsma.na.sdk (versionCode=1, versionName=RCS_SDK_20170804_01) con un proveedor de contenido llamado com.rcs .gsma.na.provider.message.MessageProvider, permite que cualquier aplicaci\u00f3n dentro del dispositivo lea, escriba, inserte y modifique los mensajes de texto del usuario. Esto est\u00e1 habilitado por un componente de la aplicaci\u00f3n del proveedor de contenido exportado que sirve como cubierta para el proveedor de contenido oficial que contiene los mensajes de texto del usuario. Esta aplicaci\u00f3n no puede ser desactivada por el usuario y el ataque puede ser realizado por una aplicaci\u00f3n de cero permisos."}], "lastModified": "2019-05-02T17:28:17.733", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:coolpad:defiant_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D555FC4B-99EB-48AC-92FF-2B2EE90BA44B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:coolpad:defiant:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "77B98262-4175-415B-BCBE-2770D553FB2D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:t-mobile:revvl_plus_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7931B11-AD05-4F83-A24A-1E1FEA1D7C59"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:t-mobile:revvl_plus:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F84A1BD3-19CF-4C40-8937-391A7C90CB42"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:t-mobile:zte_zmax_pro_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BAC5ECA-AE32-4771-ACF1-795A4590862D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:t-mobile:zte_zmax_pro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "90DA87B2-4CC9-48FC-9B41-7BE1DFBB4533"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}