Sign-up

ID

VAR-201911-0462


CVE

CVE-2019-15393


TITLE

Asus ZenFone Live Android Vulnerability related to externally controllable references to other domain resources on devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-012429

DESCRIPTION

The Asus ZenFone Live Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. Asus ZenFone Live Android device Contains a vulnerability in externally controllable references to other realm resources.Information may be tampered with. ASUS ZenFone Live is a smart phone from ASUS, Taiwan, China. The vulnerability stems from the network system or product improperly restricting access to resources from unauthorized roles. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2019-15393 // JVNDB: JVNDB-2019-012429 // CNVD: CNVD-2020-04133

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-04133

AFFECTED PRODUCTS

vendor:asusmodel:zenfone live l1scope:eqversion: -

Trust: 1.2

vendor:asusmodel:zenfone live \scope:eqversion: -

Trust: 1.0

vendor:asustek computermodel:zenfone 5 selfiescope: - version: -

Trust: 0.8

vendor:asusmodel:zenfone live build fingerprint: asus/ww phone/asus x00ld 3: 7.1.1/nmf26f/14.0400.1806.203-20180720: user/release-keysscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-04133 // JVNDB: JVNDB-2019-012429 // CNNVD: CNNVD-201911-893 // NVD: CVE-2019-15393

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15393
value: LOW

Trust: 1.0

NVD: CVE-2019-15393
value: LOW

Trust: 0.8

CNVD: CNVD-2020-04133
value: LOW

Trust: 0.6

CNNVD: CNNVD-201911-893
value: LOW

Trust: 0.6

nvd@nist.gov: CVE-2019-15393
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-04133
severity: LOW
baseScore: 1.7
vectorString: AV:L/AC:L/AU:S/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-15393
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2019-15393
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-04133 // JVNDB: JVNDB-2019-012429 // CNNVD: CNNVD-201911-893 // NVD: CVE-2019-15393

PROBLEMTYPE DATA

problemtype:CWE-610

Trust: 1.8

sources: JVNDB: JVNDB-2019-012429 // NVD: CVE-2019-15393

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-893

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201911-893

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-012429

PATCH
title:ZenFone Live (ZB501KL)url:https://www.asus.com/jp/Phone/ZenFone-Live-ZB501KL/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-012429

EXTERNAL IDS
db:NVDid:CVE-2019-15393
Trust: 3.0
db:JVNDBid:JVNDB-2019-012429
Trust: 0.8
db:CNVDid:CNVD-2020-04133
Trust: 0.6
db:CNNVDid:CNNVD-201911-893
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-04133 // 
            
            
            
            JVNDB: JVNDB-2019-012429 // 
            
            
            
            CNNVD: CNNVD-201911-893 // 
            
            
            
            NVD: CVE-2019-15393

REFERENCES
url:https://www.kryptowire.com/android-firmware-2019/
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2019-15393
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15393
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-04133 // 
            
            
            
            JVNDB: JVNDB-2019-012429 // 
            
            
            
            CNNVD: CNNVD-201911-893 // 
            
            
            
            NVD: CVE-2019-15393

SOURCES
db:CNVDid:CNVD-2020-04133
db:JVNDBid:JVNDB-2019-012429
db:CNNVDid:CNNVD-201911-893
db:NVDid:CVE-2019-15393

LAST UPDATE DATE
2024-11-23T22:16:47.136000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-04133date:2020-03-08T00:00:00
db:JVNDBid:JVNDB-2019-012429date:2019-12-02T00:00:00
db:CNNVDid:CNNVD-201911-893date:2019-11-28T00:00:00
db:NVDid:CVE-2019-15393date:2024-11-21T04:28:37.303

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-04133date:2020-02-07T00:00:00
db:JVNDBid:JVNDB-2019-012429date:2019-12-02T00:00:00
db:CNNVDid:CNNVD-201911-893date:2019-11-14T00:00:00
db:NVDid:CVE-2019-15393date:2019-11-14T17:15:19.367