ID

VAR-201911-0436


CVE

CVE-2019-15471


TITLE

Xiaomi Mi Mix 2S Access Control Error Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-41692 // CNNVD: CNNVD-201911-978

DESCRIPTION

The Xiaomi Mi Mix 2S Android device with a build fingerprint of Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement (versionCode=27, versionName=8.1.0) that allows other pre-installed apps to perform microphone audio recording via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that export their capabilities to other pre-installed apps. This app allows a third-party app to use its open interface to record telephone calls to external storage. Xiaomi Mi Mix 2S Android devices are vulnerable to improper assignment of permissions to critical resources. Information may be obtained. Xiaomi Mi Mix 2S is a smartphone from China Xiaomi Technology. The com.qualcomm.qti.callenhancement app in Xiaomi Mi Mix 2S (build fingerprint: Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys) has an access control error vulnerability. An attacker could use the vulnerability to make unauthorized microphone recordings with third-party software.

Trust: 2.16

sources: NVD: CVE-2019-15471 // JVNDB: JVNDB-2019-012076 // CNVD: CNVD-2019-41692

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-41692

AFFECTED PRODUCTS

vendor: mi, model: mix 2s, scope: eq, version: -

Trust: 1.0

vendor: xiaomi, model: mi mix 2s, scope: -, version: -

Trust: 0.8

vendor: xiaomi, model: mix 2s, scope: eq, version: 8.1.0

Trust: 0.6

sources: CNVD: CNVD-2019-41692 // JVNDB: JVNDB-2019-012076 // NVD: CVE-2019-15471

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15471
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-15471
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-41692
value: LOW

Trust: 0.6

CNNVD: CNNVD-201911-978
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-15471
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-41692
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-15471
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-15471
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-41692 // JVNDB: JVNDB-2019-012076 // CNNVD: CNNVD-201911-978 // NVD: CVE-2019-15471

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: CWE-732

Trust: 0.8

sources: JVNDB: JVNDB-2019-012076 // NVD: CVE-2019-15471

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-978

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201911-978

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012076

PATCH

title: Mi Mix 2S, url: https://www.mi.com/global/mix2s

Trust: 0.8

sources: JVNDB: JVNDB-2019-012076

EXTERNAL IDS

db: NVD, id: CVE-2019-15471

Trust: 3.0

db: JVNDB, id: JVNDB-2019-012076

Trust: 0.8

db: CNVD, id: CNVD-2019-41692

Trust: 0.6

db: CNNVD, id: CNNVD-201911-978

Trust: 0.6

sources: CNVD: CNVD-2019-41692 // JVNDB: JVNDB-2019-012076 // CNNVD: CNNVD-201911-978 // NVD: CVE-2019-15471

REFERENCES

url: https://www.kryptowire.com/android-firmware-2019/

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2019-15471

Trust: 2.0

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15471

Trust: 0.8

sources: CNVD: CNVD-2019-41692 // JVNDB: JVNDB-2019-012076 // CNNVD: CNNVD-201911-978 // NVD: CVE-2019-15471

SOURCES

db: CNVD, id: CNVD-2019-41692
db: JVNDB, id: JVNDB-2019-012076
db: CNNVD, id: CNNVD-201911-978
db: NVD, id: CVE-2019-15471

LAST UPDATE DATE

2024-11-23T22:11:46.694000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-41692, date: 2019-11-21T00:00:00
db: JVNDB, id: JVNDB-2019-012076, date: 2019-11-25T00:00:00
db: CNNVD, id: CNNVD-201911-978, date: 2020-08-25T00:00:00
db: NVD, id: CVE-2019-15471, date: 2024-11-21T04:28:48.720

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-41692, date: 2019-11-21T00:00:00
db: JVNDB, id: JVNDB-2019-012076, date: 2019-11-25T00:00:00
db: CNNVD, id: CNNVD-201911-978, date: 2019-11-14T00:00:00
db: NVD, id: CVE-2019-15471, date: 2019-11-14T17:15:24.490