ID

VAR-201911-0438


CVE

CVE-2019-15473


TITLE

Xiaomi Mi A2 Lite Access Control Error Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-41693 // CNNVD: CNNVD-201911-977

DESCRIPTION

The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/jasmine/jasmine_sprout:9/PKQ1.180904.001/V10.0.2.0.PDIMIFJ:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record telephone calls to external storage. The Xiaomi Mi A2 Lite Android device is vulnerable to an externally controlled reference to a resource in another sphere. Information may be obtained. Xiaomi Mi A2 Lite is a smartphone from China's Xiaomi Technology. An attacker can exploit this vulnerability for unauthorized microphone recording.

Trust: 2.25

sources: NVD: CVE-2019-15473 // JVNDB: JVNDB-2019-012077 // CNVD: CNVD-2019-41693 // VULMON: CVE-2019-15473

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-41693

AFFECTED PRODUCTS

vendor: mi, model: a2 lite, scope: eq, version: -

Trust: 2.2

vendor: xiaomi, model: mi a2 lite, scope: -, version: -

Trust: 0.8

vendor: xiaomi, model: a2 lite, scope: eq, version: 9

Trust: 0.6

sources: CNVD: CNVD-2019-41693 // JVNDB: JVNDB-2019-012077 // CNNVD: CNNVD-201911-977 // NVD: CVE-2019-15473

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15473
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-15473
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-41693
value: LOW

Trust: 0.6

CNNVD: CNNVD-201911-977
value: MEDIUM

Trust: 0.6

VULMON: CVE-2019-15473
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-15473
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-41693
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-15473
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-15473
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-41693 // VULMON: CVE-2019-15473 // JVNDB: JVNDB-2019-012077 // CNNVD: CNNVD-201911-977 // NVD: CVE-2019-15473

PROBLEMTYPE DATA

problemtype:CWE-610

Trust: 1.8

sources: JVNDB: JVNDB-2019-012077 // NVD: CVE-2019-15473

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-977

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201911-977

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012077

PATCH

title: Mi A2 Lite, url: https://www.mi.com/global/mi-a2-lite

Trust: 0.8

sources: JVNDB: JVNDB-2019-012077

EXTERNAL IDS

db: NVD, id: CVE-2019-15473

Trust: 3.1

db: JVNDB, id: JVNDB-2019-012077

Trust: 0.8

db: CNVD, id: CNVD-2019-41693

Trust: 0.6

db: CNNVD, id: CNNVD-201911-977

Trust: 0.6

db: VULMON, id: CVE-2019-15473

Trust: 0.1

sources: CNVD: CNVD-2019-41693 // VULMON: CVE-2019-15473 // JVNDB: JVNDB-2019-012077 // CNNVD: CNNVD-201911-977 // NVD: CVE-2019-15473

REFERENCES

url:https://www.kryptowire.com/android-firmware-2019/

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-15473

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15473

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/610.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2019-41693 // VULMON: CVE-2019-15473 // JVNDB: JVNDB-2019-012077 // CNNVD: CNNVD-201911-977 // NVD: CVE-2019-15473

SOURCES

db: CNVD, id: CNVD-2019-41693
db: VULMON, id: CVE-2019-15473
db: JVNDB, id: JVNDB-2019-012077
db: CNNVD, id: CNNVD-201911-977
db: NVD, id: CVE-2019-15473

LAST UPDATE DATE

2024-11-23T23:04:35.999000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-41693, date: 2019-11-21T00:00:00
db: VULMON, id: CVE-2019-15473, date: 2019-11-19T00:00:00
db: JVNDB, id: JVNDB-2019-012077, date: 2019-11-25T00:00:00
db: CNNVD, id: CNNVD-201911-977, date: 2019-11-20T00:00:00
db: NVD, id: CVE-2019-15473, date: 2024-11-21T04:28:48.997

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-41693, date: 2019-11-21T00:00:00
db: VULMON, id: CVE-2019-15473, date: 2019-11-14T00:00:00
db: JVNDB, id: JVNDB-2019-012077, date: 2019-11-25T00:00:00
db: CNNVD, id: CNNVD-201911-977, date: 2019-11-14T00:00:00
db: NVD, id: CVE-2019-15473, date: 2019-11-14T17:15:24.600