ID

VAR-201911-0437


CVE

CVE-2019-15472


TITLE

Vulnerability in Xiaomi Mi A2 Lite Android devices related to externally controllable references to resources in another domain

Trust: 0.8

sources: JVNDB: JVNDB-2019-012143

DESCRIPTION

The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/daisy/daisy_sprout:9/PKQ1.180917.001/V10.0.3.0.PDLMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record telephone calls to external storage. The Xiaomi Mi A2 Lite Android device is vulnerable to an externally controllable reference to a resource in another realm. Information may be obtained. Xiaomi Mi A2 Lite is a smartphone from China's Xiaomi Technology. The com.qualcomm.qti.callenhancement app in Xiaomi Mi A2 Lite (build fingerprint: xiaomi/daisy/daisy_sprout:9/PKQ1.180917.001/V10.0.3.0.PDLMIXM:user/release-keys) has a security vulnerability. An attacker can exploit this vulnerability for unauthorized microphone recording.

Trust: 2.16

sources: NVD: CVE-2019-15472 // JVNDB: JVNDB-2019-012143 // CNVD: CNVD-2019-41694

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-41694

AFFECTED PRODUCTS

vendor: mi, model: a2 lite, scope: eq, version: -

Trust: 2.2

vendor: xiaomi, model: mi a2 lite, scope: -, version: -

Trust: 0.8

vendor: xiaomi, model: a2 lite, scope: eq, version: 9

Trust: 0.6

sources: CNVD: CNVD-2019-41694 // JVNDB: JVNDB-2019-012143 // CNNVD: CNNVD-201911-975 // NVD: CVE-2019-15472

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15472
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-15472
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-41694
value: LOW

Trust: 0.6

CNNVD: CNNVD-201911-975
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-15472
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-41694
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-15472
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-15472
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-41694 // JVNDB: JVNDB-2019-012143 // CNNVD: CNNVD-201911-975 // NVD: CVE-2019-15472

PROBLEMTYPE DATA

problemtype:CWE-610

Trust: 1.8

sources: JVNDB: JVNDB-2019-012143 // NVD: CVE-2019-15472

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-975

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201911-975

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012143

PATCH

title: Mi A2 Lite, url: https://www.mi.com/global/mi-a2-lite

Trust: 0.8

sources: JVNDB: JVNDB-2019-012143

EXTERNAL IDS

db: NVD, id: CVE-2019-15472

Trust: 3.0

db: JVNDB, id: JVNDB-2019-012143

Trust: 0.8

db: CNVD, id: CNVD-2019-41694

Trust: 0.6

db: CNNVD, id: CNNVD-201911-975

Trust: 0.6

sources: CNVD: CNVD-2019-41694 // JVNDB: JVNDB-2019-012143 // CNNVD: CNNVD-201911-975 // NVD: CVE-2019-15472

REFERENCES

url:https://www.kryptowire.com/android-firmware-2019/

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-15472

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15472

Trust: 0.8

sources: CNVD: CNVD-2019-41694 // JVNDB: JVNDB-2019-012143 // CNNVD: CNNVD-201911-975 // NVD: CVE-2019-15472

SOURCES

db: CNVD, id: CNVD-2019-41694
db: JVNDB, id: JVNDB-2019-012143
db: CNNVD, id: CNNVD-201911-975
db: NVD, id: CVE-2019-15472

LAST UPDATE DATE

2024-11-23T21:36:32.430000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-41694, date: 2019-11-21T00:00:00
db: JVNDB, id: JVNDB-2019-012143, date: 2019-11-26T00:00:00
db: CNNVD, id: CNNVD-201911-975, date: 2019-11-21T00:00:00
db: NVD, id: CVE-2019-15472, date: 2024-11-21T04:28:48.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-41694, date: 2019-11-21T00:00:00
db: JVNDB, id: JVNDB-2019-012143, date: 2019-11-26T00:00:00
db: CNNVD, id: CNNVD-201911-975, date: 2019-11-14T00:00:00
db: NVD, id: CVE-2019-15472, date: 2019-11-14T17:15:24.553