CVE-2018-15000

{"id": "CVE-2018-15000", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.3, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.0}]}, "published": "2019-04-25T20:29:01.537", "references": [{"url": "https://www.kryptowire.com", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.kryptowire.com/portal/android-firmware-defcon-2018/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf", "tags": ["Technical Description", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The Vivo V7 Android device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys contains a platform app with a package name of com.vivo.smartshot (versionCode=1, versionName=3.0.0). This app contains an exported service named com.vivo.smartshot.ui.service.ScreenRecordService that will record the screen for 60 minutes and write the mp4 file to a location of the user's choosing. Normally, a recording notification will be visible to the user, but we discovered an approach to make it mostly transparent to the user by quickly removing a notification and floating icon. The user can see a floating icon and notification appear and disappear quickly due to quickly stopping and restarting the service with different parameters that do not interfere with the ongoing screen recording. The screen recording lasts for 60 minutes and can be written directly to the attacking app's private directory."}, {"lang": "es", "value": "El dispositivo Android Vivo V7 con una huella digital de compilaci\u00f3n vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys contiene una aplicaci\u00f3n de plataforma con un nombre de paquete com.vivo.smartshot (versionCode=1, versionName=3.0.0). Esta aplicaci\u00f3n incluye un servicio exportado llamado com.vivo.smartshot.ui.service.ScreenRecordService que grabar\u00e1 la pantalla durante 60 minutos y escribir\u00e1 el archivo mp4 en la ubicaci\u00f3n que elija el usuario. Normalmente, una notificaci\u00f3n de grabaci\u00f3n ser\u00e1 visible para el usuario, pero descubrimos un m\u00e9todo para hacerlo m\u00e1s transparente para el usuario al eliminar r\u00e1pidamente una notificaci\u00f3n y un \u00edcono flotante. El usuario puede observar un \u00edcono flotante y la notificaci\u00f3n aparece y desaparece r\u00e1pidamente debido a la r\u00e1pida detenci\u00f3n y reinicio del servicio con distintos par\u00e1metros que no interfieren con la grabaci\u00f3n de la pantalla en curso. La grabaci\u00f3n de la pantalla tiene una duraci\u00f3n de 60 minutos y puede ser escrita directamente en el directorio privado de la aplicaci\u00f3n atacante."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:vivo:v7_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E59F029-5F51-4E76-8E7C-BED0F0CED866"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:vivo:v7:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3A131BA3-8885-476C-B5AF-0950B6DFA4C4"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}