2024-12-08 03:06:42 +00:00

{
"id": "CVE-2018-6599",
"sourceIdentifier": "cve@mitre.org",
"published": "2018-08-29T19:29:01.187",
"lastModified": "2024-11-21T04:10:58.467",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices, allowing attackers to obtain sensitive information (such as text-message content) by reading a copy of the Android log on the SD card. The system-wide Android logs are not directly available to third-party apps since they tend to contain sensitive data. Third-party apps can read from the log but only the log messages that the app itself has written. Certain apps can leak data to the Android log due to not sanitizing log messages, which is an insecure programming practice. Pre-installed system apps and apps that are signed with the framework key can read from the system-wide Android log. We found a pre-installed app on the Orbic Wonder that when started via an Intent will write the Android log to the SD card, also known as external storage, via com.ckt.mmitest.MmiMainActivity. Any app that requests the READ_EXTERNAL_STORAGE permission can read from the SD card. Therefore, a local app on the device can quickly start a specific component in the pre-installed system app to have the Android log written to the SD card. Therefore, any app co-located on the device with the READ_EXTERNAL_STORAGE permission can obtain the data contained within the Android log and continually monitor it and mine the log for relevant data. In addition, the default messaging app (com.android.mms) writes the body of sent and received text messages to the Android log, as well as the recipient phone number for sent text messages and the sending phone number for received text messages. In addition, any call data contains phone numbers for sent and received calls."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en dispositivos Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-key que permite que los atacantes obtengan informaci\u00f3n sensible (como el contenido de mensajes de texto) mediante la lectura del registro de Android en la tarjeta SD. Los registros de Android del sistema no est\u00e1n directamente disponibles a aplicaciones de terceros, ya que suelen contener datos sensibles. Las aplicaciones de terceros pueden leer desde el registro, pero solo aquellos registros que hayan sido escritos por la propia aplicaci\u00f3n. Ciertas aplicaciones pueden filtrar datos al registro de Android debido a que no se sanean los mensajes de registro, lo que supone una pr\u00e1ctica insegura de programaci\u00f3n. Las aplicaciones preinstaladas del sistema y las aplicaciones que est\u00e1n firmadas con la clave del framework pueden leer del registro de Android del sistema. Se ha encontrado una aplicaci\u00f3n preinstalada en Orbic Wonder que, al iniciarse mediante un Intent, escribir\u00e1 el registro de Android en la tarjeta SD, tambi\u00e9n conocida como almacenamiento externo, por medio de com.ckt.mmitest.MmiMainActivity. Cualquier aplicaci\u00f3n que solicita el permiso READ_EXTERNAL_STORAGE puede leer desde la tarjeta SD. Por lo tanto, una aplicaci\u00f3n local puede lanzar r\u00e1pidamente un componente espec\u00edfico en la aplicaci\u00f3n preinstalada del sistema para hacer que el registro de Android se escriba en la tarjeta SD. Por lo tanto, cualquier aplicaci\u00f3n colocada en el dispositivo con el permiso READ_EXTERNAL_STORAGE puede obtener los datos contenidos en el registro de Android y monitorizarlo continuamente y minarlo para buscar datos relevantes. Adem\u00e1s, la aplicaci\u00f3n de mensajer\u00eda por defecto (com.android.mms) escribe el cuerpo de los mensajes de texto enviados y recibidos al registro de Android, as\u00ed como al n\u00famero de tel\u00e9fono del destinatario para los mensajes enviados y el n\u00famero de tel\u00e9fono del remitente para los mensajes de texto recibidos. Aparte, cualquier dato de llamadas contiene n\u00fameros de tel\u00e9fono para las llamadas realizadas y recibidas."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"baseScore": 2.1,
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"baseSeverity": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:orbic:wonder_rc555l_firmware:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F4F25BE-8E8F-4D94-A70C-316F9A772238"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:orbic:wonder_rc555l_firmware:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F31A829-FB63-417D-AE7D-31BE9E03A4D8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:orbic:wonder_rc555l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FEBA4B7-742F-4914-BD59-C657CEC22DD7"
}
]
}
]
}
],
"references": [
{
"url": "https://www.kryptowire.com/portal/android-firmware-defcon-2018/",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.kryptowire.com/portal/android-firmware-defcon-2018/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}