Details of VAR-201904-0564

ID

VAR-201904-0564

CVE

CVE-2018-14990

TITLE

Coolpad Defiant And multiple T-Mobile Product device Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-015354

DESCRIPTION

The Coolpad Defiant device with a build fingerprint of Coolpad/cp3632a/cp3632a:7.1.1/NMF26F/099480857:user/release-keys, the ZTE ZMAX Pro with a build fingerprint of ZTE/P895T20/urd:6.0.1/MMB29M/20170418.114928:user/release-keys, and the T-Mobile Revvl Plus with a build fingerprint of Coolpad/alchemy/alchemy:7.1.1/143.14.171129.3701A-TMO/buildf_nj_02-206:user/release-keys all contain a vulnerable, pre-installed Rich Communication Services (RCS) app. These devices contain an that app has a package name of com.suntek.mway.rcs.app.service (versionCode=1, versionName=RCS_sdk_M_native_20161008_01; versionCode=1, versionName=RCS_sdk_M_native_20170406_01) with a broadcast receiver app component named com.suntek.mway.rcs.app.test.TestReceiver and a refactored version of the app with a package name of com.rcs.gsma.na.sdk (versionCode=1, versionName=RCS_SDK_20170804_01) with a broadcast receiver app component named com.rcs.gsma.na.test.TestReceiver allow any app co-located on the device to programmatically send text messages where the number and body of the text message is controlled by the attacker due to an exported broadcast receiver app component. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. A separate vulnerability in the app allows a zero-permission app to programmatically delete text messages, so the sent text messages can be removed to not alert the user. Coolpad Defiant , T-Mobile Revvl Plus , ZTE ZMAX Pro The device contains an input validation vulnerability.Information may be tampered with

Trust: 1.71

sources: NVD: CVE-2018-14990 // JVNDB: JVNDB-2018-015354 // VULHUB: VHN-125205

AFFECTED PRODUCTS

vendor:	coolpad	model:	defiant	scope:	eq	version:	-	Trust: 1.0
vendor:	t mobile	model:	zte zmax pro	scope:	eq	version:	-	Trust: 1.0
vendor:	t mobile	model:	revvl plus	scope:	eq	version:	-	Trust: 1.0
vendor:	coolpad	model:	defiant	scope:	-	version:	-	Trust: 0.8
vendor:	t mobile	model:	revvl plus	scope:	-	version:	-	Trust: 0.8
vendor:	t mobile	model:	zte zmax pro	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2018-015354 // NVD: CVE-2018-14990

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-14990
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-14990
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201904-1175
value:	HIGH
Trust: 0.6
VULHUB:	VHN-125205
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-14990
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-125205
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-14990
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-125205 // JVNDB: JVNDB-2018-015354 // CNNVD: CNNVD-201904-1175 // NVD: CVE-2018-14990

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-125205 // JVNDB: JVNDB-2018-015354 // NVD: CVE-2018-14990

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201904-1175

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015354

PATCH

title:	Top Page	url:	https://coolpad.us/	Trust: 0.8
title:	Top Page	url:	https://www.t-mobile.com/	Trust: 0.8

sources: JVNDB: JVNDB-2018-015354

EXTERNAL IDS

db:	NVD	id:	CVE-2018-14990	Trust: 2.5
db:	JVNDB	id:	JVNDB-2018-015354	Trust: 0.8
db:	CNNVD	id:	CNNVD-201904-1175	Trust: 0.7
db:	VULHUB	id:	VHN-125205	Trust: 0.1

sources: VULHUB: VHN-125205 // JVNDB: JVNDB-2018-015354 // CNNVD: CNNVD-201904-1175 // NVD: CVE-2018-14990

REFERENCES

url:	https://www.kryptowire.com/portal/wp-content/uploads/2018/12/defcon-26-johnson-and-stavrou-vulnerable-out-of-the-box-an-eval-of-android-carrier-devices-wp-updated.pdf	Trust: 2.5
url:	https://www.kryptowire.com/portal/android-firmware-defcon-2018/	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14990	Trust: 1.4
url:	https://www.kryptowire.com	Trust: 1.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14990	Trust: 0.8

sources: VULHUB: VHN-125205 // JVNDB: JVNDB-2018-015354 // CNNVD: CNNVD-201904-1175 // NVD: CVE-2018-14990

SOURCES

db:	VULHUB	id:	VHN-125205
db:	JVNDB	id:	JVNDB-2018-015354
db:	CNNVD	id:	CNNVD-201904-1175
db:	NVD	id:	CVE-2018-14990

LAST UPDATE DATE

2024-11-23T22:17:05.571000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-125205	date:	2019-05-02T00:00:00
db:	JVNDB	id:	JVNDB-2018-015354	date:	2019-05-29T00:00:00
db:	CNNVD	id:	CNNVD-201904-1175	date:	2019-04-28T00:00:00
db:	NVD	id:	CVE-2018-14990	date:	2024-11-21T03:50:16.080

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-125205	date:	2019-04-25T00:00:00
db:	JVNDB	id:	JVNDB-2018-015354	date:	2019-05-29T00:00:00
db:	CNNVD	id:	CNNVD-201904-1175	date:	2019-04-25T00:00:00
db:	NVD	id:	CVE-2018-14990	date:	2019-04-25T20:29:00.647