Sign-up

ID

VAR-201909-0564


CVE

CVE-2019-16257


TITLE

plural Motorola Vulnerability related to privilege management in devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-009412

DESCRIPTION

Some Motorola devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker. plural Motorola The device contains a privilege management vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. A security vulnerability exists in Motorola devices, including: SIMalliance Toolbox Browser. A remote attacker could exploit this vulnerability to retrieve address and IMEI information, retrieve other data, or execute commands

Trust: 1.71

sources: NVD: CVE-2019-16257 // JVNDB: JVNDB-2019-009412 // VULHUB: VHN-148385

AFFECTED PRODUCTS

vendor:motorolamodel:motorolascope:eqversion: -

Trust: 1.0

vendor:motorolamodel:motorolascope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-009412 // NVD: CVE-2019-16257

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-16257
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-16257
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201909-636
value: MEDIUM

Trust: 0.6

VULHUB: VHN-148385
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-16257
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-148385
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-16257
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-16257
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-148385 // JVNDB: JVNDB-2019-009412 // CNNVD: CNNVD-201909-636 // NVD: CVE-2019-16257

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-269

Trust: 0.9

sources: VULHUB: VHN-148385 // JVNDB: JVNDB-2019-009412 // NVD: CVE-2019-16257

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-636

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201909-636

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-009412

PATCH
title:Top Pageurl:https://www.motorola.com/us/home
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-009412

EXTERNAL IDS
db:NVDid:CVE-2019-16257
Trust: 2.5
db:JVNDBid:JVNDB-2019-009412
Trust: 0.8
db:CNNVDid:CNNVD-201909-636
Trust: 0.7
db:VULHUBid:VHN-148385
Trust: 0.1
sources:
            
            
            VULHUB: VHN-148385 // 
            
            
            
            JVNDB: JVNDB-2019-009412 // 
            
            
            
            CNNVD: CNNVD-201909-636 // 
            
            
            
            NVD: CVE-2019-16257

REFERENCES
url:https://www.adaptivemobile.com/blog/simjacker-next-generation-spying-over-mobile
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2019-16257
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16257
Trust: 0.8
sources:
            
            
            VULHUB: VHN-148385 // 
            
            
            
            JVNDB: JVNDB-2019-009412 // 
            
            
            
            CNNVD: CNNVD-201909-636 // 
            
            
            
            NVD: CVE-2019-16257

SOURCES
db:VULHUBid:VHN-148385
db:JVNDBid:JVNDB-2019-009412
db:CNNVDid:CNNVD-201909-636
db:NVDid:CVE-2019-16257

LAST UPDATE DATE
2024-11-23T22:29:56.841000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-148385date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-009412date:2019-09-20T00:00:00
db:CNNVDid:CNNVD-201909-636date:2020-09-02T00:00:00
db:NVDid:CVE-2019-16257date:2024-11-21T04:30:24.363

SOURCES RELEASE DATE
db:VULHUBid:VHN-148385date:2019-09-12T00:00:00
db:JVNDBid:JVNDB-2019-009412date:2019-09-20T00:00:00
db:CNNVDid:CNNVD-201909-636date:2019-09-12T00:00:00
db:NVDid:CVE-2019-16257date:2019-09-12T13:15:10.407