Sign-up

ID

VAR-201808-0362


CVE

CVE-2018-14982


TITLE

LG Runs on the device Android Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-009577

DESCRIPTION

Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. The LG ID is LVE-SMP-180004. GNSS application is one of the global satellite navigation applications. The vulnerability stems from the program's failure to perform correct access control. Remote attackers can use this vulnerability to gain access to GNSS applications

Trust: 2.16

sources: NVD: CVE-2018-14982 // JVNDB: JVNDB-2018-009577 // CNVD: CNVD-2020-28452

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-28452

AFFECTED PRODUCTS

vendor:googlemodel:androidscope:eqversion:6.0

Trust: 2.2

vendor:googlemodel:androidscope:eqversion:8.1

Trust: 2.2

vendor:googlemodel:androidscope:eqversion:7.1

Trust: 1.6

vendor:googlemodel:androidscope:eqversion:6.0.1

Trust: 1.6

vendor:googlemodel:androidscope:eqversion:8.0

Trust: 1.6

vendor:googlemodel:androidscope:eqversion:7.0

Trust: 1.6

vendor:googlemodel:androidscope:eqversion:7.2

Trust: 1.6

vendor:googlemodel:androidscope:eqversion:6.0 to 8.1

Trust: 0.8

vendor:lgmodel:devices based on androidscope:gteversion:6.0,<=8.1

Trust: 0.6

vendor:lgmodel: - scope:eqversion:x500

Trust: 0.6

vendor:lgmodel: - scope:eqversion:x400

Trust: 0.6

vendor:lgmodel: - scope:eqversion:x300

Trust: 0.6

vendor:lgmodel:q8scope: - version: -

Trust: 0.6

vendor:lgmodel:q6scope: - version: -

Trust: 0.6

vendor:lgmodel: - scope:eqversion:v30

Trust: 0.6

vendor:lgmodel: - scope:eqversion:v20

Trust: 0.6

vendor:lgmodel: - scope:eqversion:v10

Trust: 0.6

vendor:lgmodel:g6scope: - version: -

Trust: 0.6

vendor:lgmodel:g5scope: - version: -

Trust: 0.6

vendor:lgmodel:camscope:eqversion:x

Trust: 0.6

sources: CNVD: CNVD-2020-28452 // JVNDB: JVNDB-2018-009577 // CNNVD: CNNVD-201808-534 // NVD: CVE-2018-14982

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-14982
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-14982
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-28452
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201808-534
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2018-14982
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-28452
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-14982
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2020-28452 // JVNDB: JVNDB-2018-009577 // CNNVD: CNNVD-201808-534 // NVD: CVE-2018-14982

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.0

problemtype:CWE-284

Trust: 0.8

sources: JVNDB: JVNDB-2018-009577 // NVD: CVE-2018-14982

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-534

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201808-534

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-009577

PATCH
title:Android のセキュリティに関する公開情報url:https://source.android.com/security/bulletin/index.html
Trust: 0.8
title:Patch for LG product GNSS application access control error vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/217697
Trust: 0.6
title:LG product GNSS application Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84136
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-28452 // 
            
            
            
            JVNDB: JVNDB-2018-009577 // 
            
            
            
            CNNVD: CNNVD-201808-534

EXTERNAL IDS
db:NVDid:CVE-2018-14982
Trust: 3.0
db:JVNDBid:JVNDB-2018-009577
Trust: 0.8
db:CNVDid:CNVD-2020-28452
Trust: 0.6
db:CNNVDid:CNNVD-201808-534
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-28452 // 
            
            
            
            JVNDB: JVNDB-2018-009577 // 
            
            
            
            CNNVD: CNNVD-201808-534 // 
            
            
            
            NVD: CVE-2018-14982

REFERENCES
url:https://lgsecurity.lge.com/security_updates.html
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2018-14982
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14982
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-28452 // 
            
            
            
            JVNDB: JVNDB-2018-009577 // 
            
            
            
            CNNVD: CNNVD-201808-534 // 
            
            
            
            NVD: CVE-2018-14982

SOURCES
db:CNVDid:CNVD-2020-28452
db:JVNDBid:JVNDB-2018-009577
db:CNNVDid:CNNVD-201808-534
db:NVDid:CVE-2018-14982

LAST UPDATE DATE
2024-11-23T23:12:04.637000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-28452date:2020-05-15T00:00:00
db:JVNDBid:JVNDB-2018-009577date:2018-11-21T00:00:00
db:CNNVDid:CNNVD-201808-534date:2019-10-23T00:00:00
db:NVDid:CVE-2018-14982date:2024-11-21T03:50:14.773

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-28452date:2020-05-15T00:00:00
db:JVNDBid:JVNDB-2018-009577date:2018-11-21T00:00:00
db:CNNVDid:CNNVD-201808-534date:2018-08-20T00:00:00
db:NVDid:CVE-2018-14982date:2018-08-17T20:29:16.413