Sign-up

ID

VAR-201812-0119


CVE

CVE-2018-15007


TITLE

Sky Elite 6.0L+ Android In the device OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-014504

DESCRIPTION

The Sky Elite 6.0L+ Android device with a build fingerprint of SKY/x6069_trx_l601_sky/x6069_trx_l601_sky:6.0/MRA58K/1482897127:user/release-keys contains a pre-installed platform app with a package name of com.fw.upgrade.sysoper (versionCode=238, versionName=2.3.8) that contains an exported broadcast receiver app component named com.adups.fota.sysoper.WriteCommandReceiver that allows any app co-located on the device to supply arbitrary commands to be executed as the system user. The com.fw.upgrade.sysoper app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, obtain the user's text messages, and more. Sky Elite 6.0L+ Android The device includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Sky Elite 6.0L+ is a smart phone based on Android platform produced by Sky Devices in the United States. An attacker could exploit this vulnerability to execute arbitrary commands as a system user

Trust: 1.71

sources: NVD: CVE-2018-15007 // JVNDB: JVNDB-2018-014504 // VULHUB: VHN-125223

AFFECTED PRODUCTS

vendor:skydevicesmodel:sky elite 6.0l\+scope:eqversion:sky\/x6069_trx_l601_sky\/x6069_trx_l601_sky\:6.0\/mra58k\/1482897127\:user\/release-keys

Trust: 1.0

vendor:sky devicesmodel:elite 6.0l+scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-014504 // NVD: CVE-2018-15007

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15007
value: HIGH

Trust: 1.0

NVD: CVE-2018-15007
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201812-1259
value: MEDIUM

Trust: 0.6

VULHUB: VHN-125223
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-15007
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-125223
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15007
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-125223 // JVNDB: JVNDB-2018-014504 // CNNVD: CNNVD-201812-1259 // NVD: CVE-2018-15007

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-125223 // JVNDB: JVNDB-2018-014504 // NVD: CVE-2018-15007

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201812-1259

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-014504

PATCH
title:Top Pageurl:https://skydevices.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-014504

EXTERNAL IDS
db:NVDid:CVE-2018-15007
Trust: 2.5
db:JVNDBid:JVNDB-2018-014504
Trust: 0.8
db:CNNVDid:CNNVD-201812-1259
Trust: 0.7
db:VULHUBid:VHN-125223
Trust: 0.1
sources:
            
            
            VULHUB: VHN-125223 // 
            
            
            
            JVNDB: JVNDB-2018-014504 // 
            
            
            
            CNNVD: CNNVD-201812-1259 // 
            
            
            
            NVD: CVE-2018-15007

REFERENCES
url:https://www.kryptowire.com/portal/wp-content/uploads/2018/12/defcon-26-johnson-and-stavrou-vulnerable-out-of-the-box-an-eval-of-android-carrier-devices-wp-updated.pdf
Trust: 2.5
url:https://www.kryptowire.com/portal/android-firmware-defcon-2018/
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15007
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-15007
Trust: 0.8
sources:
            
            
            VULHUB: VHN-125223 // 
            
            
            
            JVNDB: JVNDB-2018-014504 // 
            
            
            
            CNNVD: CNNVD-201812-1259 // 
            
            
            
            NVD: CVE-2018-15007

SOURCES
db:VULHUBid:VHN-125223
db:JVNDBid:JVNDB-2018-014504
db:CNNVDid:CNNVD-201812-1259
db:NVDid:CVE-2018-15007

LAST UPDATE DATE
2024-11-23T22:21:52.859000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-125223date:2019-02-14T00:00:00
db:JVNDBid:JVNDB-2018-014504date:2019-03-25T00:00:00
db:CNNVDid:CNNVD-201812-1259date:2019-02-18T00:00:00
db:NVDid:CVE-2018-15007date:2024-11-21T03:50:20.650

SOURCES RELEASE DATE
db:VULHUBid:VHN-125223date:2018-12-28T00:00:00
db:JVNDBid:JVNDB-2018-014504date:2019-03-25T00:00:00
db:CNNVDid:CNNVD-201812-1259date:2018-12-29T00:00:00
db:NVDid:CVE-2018-15007date:2018-12-28T21:29:01.057