Sign-up

ID

VAR-201911-0483


CVE

CVE-2019-15414


TITLE

ASUS ZenFone AR Access Control Error Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-14728 // CNNVD: CNNVD-201911-917

DESCRIPTION

The Asus ZenFone AR Android device with a build fingerprint of asus/WW_ASUS_A002/ASUS_A002:7.0/NRD90M/14.1600.1805.51-20180626:user/release-keys contains a pre-installed app with a package name of com.asus.splendidcommandagent app (versionCode=1510200105, versionName=1.2.0.21_180605) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. Asus ZenFone AR Android The device is vulnerable to improper assignment of permissions to critical resources.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. ASUS ZenFone AR is a smartphone from ASUS, Taiwan. ASUS ZenFone AR has an access control error vulnerability. The vulnerability stems from a network system or product that did not properly restrict access to resources from unauthorized roles. An attacker could use this vulnerability to execute commands through an accessible application component

Trust: 2.16

sources: NVD: CVE-2019-15414 // JVNDB: JVNDB-2019-012407 // CNVD: CNVD-2020-14728

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-14728

AFFECTED PRODUCTS

vendor:asusmodel:zenfone arscope:eqversion: -

Trust: 1.0

vendor:asustek computermodel:zenfone arscope: - version: -

Trust: 0.8

vendor:asusmodel:zenfone arscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-14728 // JVNDB: JVNDB-2019-012407 // NVD: CVE-2019-15414

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15414
value: HIGH

Trust: 1.0

NVD: CVE-2019-15414
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-14728
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201911-917
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-15414
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-14728
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-15414
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-15414
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-14728 // JVNDB: JVNDB-2019-012407 // CNNVD: CNNVD-201911-917 // NVD: CVE-2019-15414

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-732

Trust: 0.8

sources: JVNDB: JVNDB-2019-012407 // NVD: CVE-2019-15414

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-917

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201911-917

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-012407

PATCH
title:ZenFone AR (ZS571KL)url:https://www.asus.com/jp/Phone/ZenFone-AR-ZS571KL/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-012407

EXTERNAL IDS
db:NVDid:CVE-2019-15414
Trust: 3.0
db:JVNDBid:JVNDB-2019-012407
Trust: 0.8
db:CNVDid:CNVD-2020-14728
Trust: 0.6
db:CNNVDid:CNNVD-201911-917
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-14728 // 
            
            
            
            JVNDB: JVNDB-2019-012407 // 
            
            
            
            CNNVD: CNNVD-201911-917 // 
            
            
            
            NVD: CVE-2019-15414

REFERENCES
url:https://www.kryptowire.com/android-firmware-2019/
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2019-15414
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15414
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-14728 // 
            
            
            
            JVNDB: JVNDB-2019-012407 // 
            
            
            
            CNNVD: CNNVD-201911-917 // 
            
            
            
            NVD: CVE-2019-15414

SOURCES
db:CNVDid:CNVD-2020-14728
db:JVNDBid:JVNDB-2019-012407
db:CNNVDid:CNNVD-201911-917
db:NVDid:CVE-2019-15414

LAST UPDATE DATE
2024-11-23T22:16:47.111000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-14728date:2020-03-01T00:00:00
db:JVNDBid:JVNDB-2019-012407date:2019-12-02T00:00:00
db:CNNVDid:CNNVD-201911-917date:2020-08-25T00:00:00
db:NVDid:CVE-2019-15414date:2024-11-21T04:28:40.453

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-14728date:2020-03-01T00:00:00
db:JVNDBid:JVNDB-2019-012407date:2019-12-02T00:00:00
db:CNNVDid:CNNVD-201911-917date:2019-11-14T00:00:00
db:NVDid:CVE-2019-15414date:2019-11-14T17:15:20.757