Details of VAR-201911-0544

ID

VAR-201911-0544

CVE

CVE-2019-15428

TITLE

Xiaomi Mi Note 2 Android Vulnerability related to externally controllable references to other domain resources on devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-012298

DESCRIPTION

The Xiaomi Mi Note 2 Android device with a build fingerprint of Xiaomi/scorpio/scorpio:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. Xiaomi Mi Note 2 Android The device is vulnerable to an externally controllable reference to another realm resource.Information may be tampered with. Xiaomi Mi Note 2 is a smartphone from China's Xiaomi Technology. The com.miui.powerkeeper app in Xiaomi Mi Note 2 (build fingerprint: Xiaomi / scorpio / scorpio: 6.0.1 / MXB48T / 7.1.5: user / release-keys) has a security vulnerability. An attacker could use another application on the device to exploit the vulnerability to unauthorizedly modify wireless settings

Trust: 2.25

sources: NVD: CVE-2019-15428 // JVNDB: JVNDB-2019-012298 // CNVD: CNVD-2019-43671 // VULMON: CVE-2019-15428

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-43671

AFFECTED PRODUCTS

vendor:	mi	model:	note 2	scope:	eq	version:	-	Trust: 2.2
vendor:	xiaomi	model:	mi note 2	scope:	-	version:	-	Trust: 0.8
vendor:	xiaomi	model:	mi note	scope:	eq	version:	2	Trust: 0.6

sources: CNVD: CNVD-2019-43671 // JVNDB: JVNDB-2019-012298 // CNNVD: CNNVD-201911-930 // NVD: CVE-2019-15428

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-15428
value:	LOW
Trust: 1.0
NVD:	CVE-2019-15428
value:	LOW
Trust: 0.8
CNVD:	CNVD-2019-43671
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201911-930
value:	LOW
Trust: 0.6
VULMON:	CVE-2019-15428
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2019-15428
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2019-43671
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-15428
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2019-15428
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2019-43671 // VULMON: CVE-2019-15428 // JVNDB: JVNDB-2019-012298 // CNNVD: CNNVD-201911-930 // NVD: CVE-2019-15428

PROBLEMTYPE DATA

problemtype:

CWE-610

Trust: 1.8

sources: JVNDB: JVNDB-2019-012298 // NVD: CVE-2019-15428

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-930

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201911-930

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012298

PATCH

title:

Top Page

url:

https://www.mi.com/global/index.html

Trust: 0.8

sources: JVNDB: JVNDB-2019-012298

EXTERNAL IDS

db:	NVD	id:	CVE-2019-15428	Trust: 3.1
db:	JVNDB	id:	JVNDB-2019-012298	Trust: 0.8
db:	CNVD	id:	CNVD-2019-43671	Trust: 0.6
db:	CNNVD	id:	CNNVD-201911-930	Trust: 0.6
db:	VULMON	id:	CVE-2019-15428	Trust: 0.1

sources: CNVD: CNVD-2019-43671 // VULMON: CVE-2019-15428 // JVNDB: JVNDB-2019-012298 // CNNVD: CNNVD-201911-930 // NVD: CVE-2019-15428

REFERENCES

url:	https://www.kryptowire.com/android-firmware-2019/	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15428	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15428	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/610.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2019-43671 // VULMON: CVE-2019-15428 // JVNDB: JVNDB-2019-012298 // CNNVD: CNNVD-201911-930 // NVD: CVE-2019-15428

SOURCES

db:	CNVD	id:	CNVD-2019-43671
db:	VULMON	id:	CVE-2019-15428
db:	JVNDB	id:	JVNDB-2019-012298
db:	CNNVD	id:	CNNVD-201911-930
db:	NVD	id:	CVE-2019-15428

LAST UPDATE DATE

2024-11-23T22:16:47.061000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-43671	date:	2019-12-04T00:00:00
db:	VULMON	id:	CVE-2019-15428	date:	2019-11-25T00:00:00
db:	JVNDB	id:	JVNDB-2019-012298	date:	2019-11-29T00:00:00
db:	CNNVD	id:	CNNVD-201911-930	date:	2019-11-26T00:00:00
db:	NVD	id:	CVE-2019-15428	date:	2024-11-21T04:28:42.470

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-43671	date:	2019-12-04T00:00:00
db:	VULMON	id:	CVE-2019-15428	date:	2019-11-14T00:00:00
db:	JVNDB	id:	JVNDB-2019-012298	date:	2019-11-29T00:00:00
db:	CNNVD	id:	CNNVD-201911-930	date:	2019-11-14T00:00:00
db:	NVD	id:	CVE-2019-15428	date:	2019-11-14T17:15:21.693