ID

VAR-201904-0568


CVE

CVE-2018-14996


TITLE

Oppo F5 Android Command injection vulnerability in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-015351

DESCRIPTION

The Oppo F5 Android device with a build fingerprint of OPPO/CPH1723/CPH1723:7.1.1/N6F26Q/1513597833:user/release-keys contains a pre-installed platform app with a package name of com.dropboxchmod (versionCode=1, versionName=1.0) that contains an exported service named com.dropboxchmod.DropboxChmodService that allows any app co-located on the device to supply arbitrary commands to be executed as the system user. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), obtain the user's text messages, and more. This vulnerability can also be used to secretly record audio of the user without their awareness on the Oppo F5 device. The pre-installed com.oppo.engineermode app (versionCode=25, versionName=V1.01) has an exported activity that can be started to initiate a recording and quickly dismissed. The activity can be started in a way that the user will not be able to see the app in the recent apps list. The resulting audio AMR file can be copied from a location on internal storage using the arbitrary command execution as system user vulnerability. Executing commands as system user can allow a third-party app to factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, obtain the user's text messages, and more. The OPPO F5 is a smartphone based on the Android platform from the Chinese OPPO Guangdong Mobile Communications (OPPO) company.

Trust: 1.71

sources: NVD: CVE-2018-14996 // JVNDB: JVNDB-2018-015351 // VULHUB: VHN-125211

AFFECTED PRODUCTS

vendor: oppo, model: f5, scope: eq, version: -

Trust: 1.0

vendor: oppo, model: f5, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-015351 // NVD: CVE-2018-14996

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-14996
value: HIGH

Trust: 1.0

NVD: CVE-2018-14996
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201904-1181
value: HIGH

Trust: 0.6

VULHUB: VHN-125211
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-14996
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-125211
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-14996
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-125211 // JVNDB: JVNDB-2018-015351 // CNNVD: CNNVD-201904-1181 // NVD: CVE-2018-14996

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-77

Trust: 0.9

sources: VULHUB: VHN-125211 // JVNDB: JVNDB-2018-015351 // NVD: CVE-2018-14996

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201904-1181

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201904-1181

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015351

PATCH

title: Top Page, url: https://www.oppo.com/en/

Trust: 0.8

sources: JVNDB: JVNDB-2018-015351

EXTERNAL IDS

db: NVD, id: CVE-2018-14996

Trust: 2.5

db: JVNDB, id: JVNDB-2018-015351

Trust: 0.8

db: CNNVD, id: CNNVD-201904-1181

Trust: 0.7

db: VULHUB, id: VHN-125211

Trust: 0.1

sources: VULHUB: VHN-125211 // JVNDB: JVNDB-2018-015351 // CNNVD: CNNVD-201904-1181 // NVD: CVE-2018-14996

REFERENCES

url:https://www.kryptowire.com/portal/android-firmware-defcon-2018/

Trust: 1.7

url:https://www.kryptowire.com/portal/wp-content/uploads/2018/12/defcon-26-johnson-and-stavrou-vulnerable-out-of-the-box-an-eval-of-android-carrier-devices-wp-updated.pdf

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-14996

Trust: 1.4

url:https://www.kryptowire.com

Trust: 1.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14996

Trust: 0.8

url:https://www.kryptowire.com/android-firmware-defcon-2018/

Trust: 0.8

sources: VULHUB: VHN-125211 // JVNDB: JVNDB-2018-015351 // CNNVD: CNNVD-201904-1181 // NVD: CVE-2018-14996

SOURCES

db: VULHUB, id: VHN-125211
db: JVNDB, id: JVNDB-2018-015351
db: CNNVD, id: CNNVD-201904-1181
db: NVD, id: CVE-2018-14996

LAST UPDATE DATE

2024-11-23T22:06:17.191000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-125211, date: 2019-10-03T00:00:00
db: JVNDB, id: JVNDB-2018-015351, date: 2019-05-29T00:00:00
db: CNNVD, id: CNNVD-201904-1181, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2018-14996, date: 2024-11-21T03:50:17.897

SOURCES RELEASE DATE

db: VULHUB, id: VHN-125211, date: 2019-04-25T00:00:00
db: JVNDB, id: JVNDB-2018-015351, date: 2019-05-29T00:00:00
db: CNNVD, id: CNNVD-201904-1181, date: 2019-04-25T00:00:00
db: NVD, id: CVE-2018-14996, date: 2019-04-25T20:29:01.163