Details of VAR-201911-0534

ID

VAR-201911-0534

CVE

CVE-2019-15369

TITLE

Lava Z61 Turbo Android Lack of authentication on device

Trust: 0.8

sources: JVNDB: JVNDB-2019-012483

DESCRIPTION

The Lava Z61 Turbo Android device with a build fingerprint of LAVA/Z61_Turbo/Z61_Turbo:8.1.0/O11019/1536917928:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. Lava Z61 Turbo Android The device is vulnerable to a lack of authentication.Information may be tampered with

Trust: 1.62

sources: NVD: CVE-2019-15369 // JVNDB: JVNDB-2019-012483

AFFECTED PRODUCTS

vendor:	lavamobiles	model:	z61 turbo	scope:	eq	version:	-	Trust: 1.0
vendor:	lava	model:	z61	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-012483 // NVD: CVE-2019-15369

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-15369
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-15369
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201911-897
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2019-15369
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2019-15369
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-15369
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2019-012483 // CNNVD: CNNVD-201911-897 // NVD: CVE-2019-15369

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-862	Trust: 0.8

sources: JVNDB: JVNDB-2019-012483 // NVD: CVE-2019-15369

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-897

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201911-897

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012483

PATCH

title:

Z61

url:

https://www.lavamobiles.com/smartphone/z61

Trust: 0.8

sources: JVNDB: JVNDB-2019-012483

EXTERNAL IDS

db:	NVD	id:	CVE-2019-15369	Trust: 2.4
db:	JVNDB	id:	JVNDB-2019-012483	Trust: 0.8
db:	CNNVD	id:	CNNVD-201911-897	Trust: 0.6

sources: JVNDB: JVNDB-2019-012483 // CNNVD: CNNVD-201911-897 // NVD: CVE-2019-15369

REFERENCES

url:	https://www.kryptowire.com/android-firmware-2019/	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15369	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15369	Trust: 0.8

sources: JVNDB: JVNDB-2019-012483 // CNNVD: CNNVD-201911-897 // NVD: CVE-2019-15369

SOURCES

db:	JVNDB	id:	JVNDB-2019-012483
db:	CNNVD	id:	CNNVD-201911-897
db:	NVD	id:	CVE-2019-15369

LAST UPDATE DATE

2024-11-23T23:01:39.162000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2019-012483	date:	2019-12-03T00:00:00
db:	CNNVD	id:	CNNVD-201911-897	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-15369	date:	2024-11-21T04:28:33.827

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2019-012483	date:	2019-12-03T00:00:00
db:	CNNVD	id:	CNNVD-201911-897	date:	2019-11-14T00:00:00
db:	NVD	id:	CVE-2019-15369	date:	2019-11-14T17:15:17.617