CVE-2018-6599
CVSS V2 Low 2.1
CVSS V3 Medium 5.5
Description
An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices, allowing attackers to obtain sensitive information (such as text-message content) by reading a copy of the Android log on the SD card. The system-wide Android logs are not directly available to third-party apps since they tend to contain sensitive data. Third-party apps can read from the log but only the log messages that the app itself has written. Certain apps can leak data to the Android log due to not sanitizing log messages, which is in an insecure programming practice. Pre-installed system apps and apps that are signed with the framework key can read from the system-wide Android log. We found a pre-installed app on the Orbic Wonder that when started via an Intent will write the Android log to the SD card, also known as external storage, via com.ckt.mmitest.MmiMainActivity. Any app that requests the READ_EXTERNAL_STORAGE permission can read from the SD card. Therefore, a local app on the device can quickly start a specific component in the pre-installed system app to have the Android log written to the SD card. Therefore, any app co-located on the device with the READ_EXTERNAL_STORAGE permission can obtain the data contained within the Android log and continually monitor it and mine the log for relevant data. In addition, the default messaging app (com.android.mms) writes the body of sent and received text messages to the Android log, as well as the recipient phone number for sent text messages and the sending phone number for received text messages. In addition, any call data contains phone numbers for sent and received calls.
Overview
- CVE ID
- CVE-2018-6599
- Assigner
- cve@mitre.org
- Vulnerability Status
- Analyzed
- Published Version
- 2018-08-29T19:29:01
- Last Modified Date
- 2018-10-29T19:07:09
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
AND | ||||
cpe:2.3:o:orbic:wonder_rc555l_firmware:7.1:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:orbic:wonder_rc555l_firmware:7.1.2:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:h:orbic:wonder_rc555l:-:*:*:*:*:*:*:* | 0 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:L/AC:L/Au:N/C:P/I:N/A:N
- Access Vector
- LOCAL
- Access Compatibility
- LOW
- Authentication
- NONE
- Confidentiality Impact
- PARTIAL
- Integrity Impact
- NONE
- Availability Impact
- NONE
- Base Score
- 2.1
- Severity
- LOW
- Exploitability Score
- 3.9
- Impact Score
- 2.9
CVSS Version 3
- Version
- 3.0
- Vector String
- CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Attack Vector
- LOCAL
- Attack Compatibility
- LOW
- Privileges Required
- LOW
- User Interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality Impact
- HIGH
- Availability Impact
- NONE
- Base Score
- 5.5
- Base Severity
- MEDIUM
- Exploitability Score
- 1.8
- Impact Score
- 3.6
References
Reference URL | Reference Tags |
---|---|
https://www.kryptowire.com/portal/android-firmware-defcon-2018/ | Third Party Advisory |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2018-6599 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6599 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2022-05-10 18:02:40 | Added to TrackCVE | |||
2022-12-03 11:35:48 | 2018-08-29T19:29Z | 2018-08-29T19:29:01 | CVE Published Date | updated |
2022-12-03 11:35:48 | 2018-10-29T19:07:09 | CVE Modified Date | updated | |
2022-12-03 11:35:48 | Analyzed | Vulnerability Status | updated |