Details of VAR-201812-0118

ID

VAR-201812-0118

CVE

CVE-2018-15006

TITLE

ZTE ZMAX Champ Android Vulnerabilities related to resource management in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-014556

DESCRIPTION

The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contains a pre-installed platform app with a package name of com.android.zte.hiddenmenu (versionCode=23, versionName=6.0.1) that contains an exported broadcast receiver app component named com.android.zte.hiddenmenu.CommandReceiver that is accessible to any app co-located on the device. This app component, when it receives a broadcast intent with a certain action string, will write a non-standard (i.e., not defined in Android Open Source Project (AOSP) code) command to the /cache/recovery/command file to be executed in recovery mode. Once the device boots into recovery mode, it will crash, boot into recovery mode, and crash again. This crash loop will keep repeating, which makes the device unusable. There is no way to boot into an alternate mode once the crash loop starts. ZTE ZMAX Champ Android The device contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. ZTE ZMAX is prone to the following security vulnerabilities: 1. An arbitrary command-execution vulnerability 2. A denial-of-service vulnerability An attacker can exploit these issues by enticing a legitimate user to use the vulnerable application to execute arbitrary commands, to cause an affected device to crash, denying service to legitimate users. ZTE ZMAX Champ is a smartphone based on the Android platform of China's ZTE Corporation (ZTE)

Trust: 1.98

sources: NVD: CVE-2018-15006 // JVNDB: JVNDB-2018-014556 // BID: 106361 // VULHUB: VHN-125222

AFFECTED PRODUCTS

vendor:	zte	model:	zmax champ	scope:	eq	version:	6.0.1	Trust: 1.1
vendor:	zteusa	model:	zte zmax champ	scope:	eq	version:	6.0.1	Trust: 1.0
vendor:	zte	model:	zmax zmax pro	scope:	eq	version:	6.0.1	Trust: 0.3

sources: BID: 106361 // JVNDB: JVNDB-2018-014556 // NVD: CVE-2018-15006

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-15006
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-15006
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201812-1260
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-125222
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-15006
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-125222
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-15006
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-125222 // JVNDB: JVNDB-2018-014556 // CNNVD: CNNVD-201812-1260 // NVD: CVE-2018-15006

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-399	Trust: 0.9

sources: VULHUB: VHN-125222 // JVNDB: JVNDB-2018-014556 // NVD: CVE-2018-15006

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201812-1260

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201812-1260

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014556

PATCH

title:

Top Page

url:

https://www.zte.com.cn/global/

Trust: 0.8

sources: JVNDB: JVNDB-2018-014556

EXTERNAL IDS

db:	BID	id:	106361	Trust: 2.8
db:	NVD	id:	CVE-2018-15006	Trust: 2.8
db:	JVNDB	id:	JVNDB-2018-014556	Trust: 0.8
db:	CNNVD	id:	CNNVD-201812-1260	Trust: 0.7
db:	VULHUB	id:	VHN-125222	Trust: 0.1

sources: VULHUB: VHN-125222 // BID: 106361 // JVNDB: JVNDB-2018-014556 // CNNVD: CNNVD-201812-1260 // NVD: CVE-2018-15006

REFERENCES

url:	http://www.securityfocus.com/bid/106361	Trust: 2.5
url:	https://www.kryptowire.com/portal/wp-content/uploads/2018/12/defcon-26-johnson-and-stavrou-vulnerable-out-of-the-box-an-eval-of-android-carrier-devices-wp-updated.pdf	Trust: 2.5
url:	https://www.kryptowire.com/portal/android-firmware-defcon-2018/	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15006	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-15006	Trust: 0.8
url:	https://www.kryptowire.com/android-firmware-defcon-2018/	Trust: 0.8
url:	http://wwwen.zte.com.cn/en/	Trust: 0.3

sources: VULHUB: VHN-125222 // BID: 106361 // JVNDB: JVNDB-2018-014556 // CNNVD: CNNVD-201812-1260 // NVD: CVE-2018-15006

CREDITS

Kyrptowire

Trust: 0.3

sources: BID: 106361

SOURCES

db:	VULHUB	id:	VHN-125222
db:	BID	id:	106361
db:	JVNDB	id:	JVNDB-2018-014556
db:	CNNVD	id:	CNNVD-201812-1260
db:	NVD	id:	CVE-2018-15006

LAST UPDATE DATE

2024-11-23T22:06:27.627000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-125222	date:	2019-10-03T00:00:00
db:	BID	id:	106361	date:	2018-12-28T00:00:00
db:	JVNDB	id:	JVNDB-2018-014556	date:	2019-03-26T00:00:00
db:	CNNVD	id:	CNNVD-201812-1260	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-15006	date:	2024-11-21T03:50:20.447

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-125222	date:	2018-12-28T00:00:00
db:	BID	id:	106361	date:	2018-12-28T00:00:00
db:	JVNDB	id:	JVNDB-2018-014556	date:	2019-03-26T00:00:00
db:	CNNVD	id:	CNNVD-201812-1260	date:	2018-12-29T00:00:00
db:	NVD	id:	CVE-2018-15006	date:	2018-12-28T21:29:00.997