CVE-2018-14998

{"id": "CVE-2018-14998", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2018-12-28T21:29:00.747", "references": [{"url": "https://www.kryptowire.com/portal/android-firmware-defcon-2018/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "The Leagoo P1 Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a hidden root privilege escalation capability to achieve command execution as the root user. They have made modifications that allow a user with physical access to the device to obtain a root shell via ADB by modifying read-only system properties at runtime. Specifically, modifying the ro.debuggable and the ro.secure system properties to a certain value and then restarting the ADB daemon allows for a root shell to be obtained via ADB."}, {"lang": "es", "value": "El dispositivo Android \"Leagoo P1\" con una huella de build de sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contiene una capacidad de escalado de privilegios root escondida para lograr la ejecuci\u00f3n de comandos como el usuario root. Se han realizado modificaciones que permiten a usuarios con acceso f\u00edsico al dispositivo obtener un shell root mediante ADB, modificando las propiedades de sistema, del tipo solo lectura, en tiempo de ejecuci\u00f3n. Espec\u00edficamente, la modificaci\u00f3n de las propiedades de sistema ro.debuggable y ro.secure a un determinado valor y el reinicio del demonio ADB permite la obtenci\u00f3n de un shell root mediante ADB."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:leagoo:p1_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "763DCF92-A6B0-4F8B-811D-BFD19EA8997C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:leagoo:p1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8D4C52CD-08EB-444C-8971-E9E6DEB0B15A"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}