Sign-up

ID

VAR-201911-1325


CVE

CVE-2019-15743


TITLE

Sony Xperia Touch Access Control Error Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-41673 // CNNVD: CNNVD-201911-981

DESCRIPTION

The Sony Xperia Touch Android device with a build fingerprint of Sony/blanc_windy/blanc_windy:7.0/LOIRE-SMART-BLANC-1.0.0-170530-0834/1:user/dev-keys contains a pre-installed app with a package name of com.sonymobile.android.maintenancetool.testmic app (versionCode=24, versionName=7.0) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record audio to external storage. Sony Xperia Touch Android The device is vulnerable to an externally controllable reference to another realm resource.Information may be obtained. Sony Xperia Touch is a touch projector from Sony Corporation of Japan. Com.sonymobile.android.maintenancetool.testmic app in Sony Xperia Touch (build fingerprint:Sony/blanc_windy/blanc_windy:7.0/LOIRE-SMART-BLANC-1.0.0-170530-0834/1:user/dev-keys) Access control error vulnerability. An attacker can exploit this vulnerability for unauthorized microphone recording

Trust: 2.16

sources: NVD: CVE-2019-15743 // JVNDB: JVNDB-2019-012073 // CNVD: CNVD-2019-41673

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-41673

AFFECTED PRODUCTS

vendor:sonymodel:xperia touchscope:eqversion: -

Trust: 2.2

vendor:sonymodel:xperia touchscope: - version: -

Trust: 1.4

sources: CNVD: CNVD-2019-41673 // JVNDB: JVNDB-2019-012073 // CNNVD: CNNVD-201911-981 // NVD: CVE-2019-15743

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15743
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-15743
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-41673
value: LOW

Trust: 0.6

CNNVD: CNNVD-201911-981
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-15743
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-41673
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-15743
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-15743
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-41673 // JVNDB: JVNDB-2019-012073 // CNNVD: CNNVD-201911-981 // NVD: CVE-2019-15743

PROBLEMTYPE DATA

problemtype:CWE-610

Trust: 1.8

sources: JVNDB: JVNDB-2019-012073 // NVD: CVE-2019-15743

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-981

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201911-981

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-012073

PATCH
title:Xperia Touch G1109url:https://www.sonymobile.co.jp/product/smartproducts/g1109/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-012073

EXTERNAL IDS
db:NVDid:CVE-2019-15743
Trust: 3.0
db:JVNDBid:JVNDB-2019-012073
Trust: 0.8
db:CNVDid:CNVD-2019-41673
Trust: 0.6
db:CNNVDid:CNNVD-201911-981
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-41673 // 
            
            
            
            JVNDB: JVNDB-2019-012073 // 
            
            
            
            CNNVD: CNNVD-201911-981 // 
            
            
            
            NVD: CVE-2019-15743

REFERENCES
url:https://www.kryptowire.com/android-firmware-2019/
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2019-15743
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15743
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-41673 // 
            
            
            
            JVNDB: JVNDB-2019-012073 // 
            
            
            
            CNNVD: CNNVD-201911-981 // 
            
            
            
            NVD: CVE-2019-15743

SOURCES
db:CNVDid:CNVD-2019-41673
db:JVNDBid:JVNDB-2019-012073
db:CNNVDid:CNNVD-201911-981
db:NVDid:CVE-2019-15743

LAST UPDATE DATE
2024-11-23T22:51:33.324000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-41673date:2019-11-21T00:00:00
db:JVNDBid:JVNDB-2019-012073date:2019-11-25T00:00:00
db:CNNVDid:CNNVD-201911-981date:2019-11-20T00:00:00
db:NVDid:CVE-2019-15743date:2024-11-21T04:29:23.103

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-41673date:2019-11-21T00:00:00
db:JVNDBid:JVNDB-2019-012073date:2019-11-25T00:00:00
db:CNNVDid:CNNVD-201911-981date:2019-11-14T00:00:00
db:NVDid:CVE-2019-15743date:2019-11-14T17:15:24.787