// For flags

CVE-2018-15004

 

Severity Score

5.9
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The Coolpad Canvas device with a build fingerprint of Coolpad/cp3636a/cp3636a:7.0/NRD90M/093031423:user/release-keys contains a platform app with a package name of com.qualcomm.qti.modemtestmode (versionCode=24, versionName=7.0) that contains an exported service app component named com.qualcomm.qti.modemtestmode.MbnTestService that allows any app on the device to set certain system properties as the com.android.phone user. When an app sets the persist.service.logr.enable system property to a value of 1, an app with a package name of com.yulong.logredirect (versionCode=20160622, versionName=5.25_20160622_01) will start writing the system-wide logcat log, kernel log, and a tcpdump network traffic capture to external storage. Furthermore, on the Coolpad Canvas device, the com.android.phone app writes the destination phone number and body of the text message for outgoing text messages. A notification when logging can be avoided if the log is enabled after device startup and disabled prior to device shutdown by setting the system properties using the exported interface of the com.qualcomm.qti.modemtestmode app. Any app with the READ_EXTERNAL_STORAGE permission can access the log files.

El dispositivo Coolpad Canvas con una huella digital de Coolpad/cp3636a/cp3636a:7.0/NRD90M/093031423:user/release-keys contiene una app de plataforma con un nombre de paquete com.qualcomm.qti.modemtestmode (versionCode=24, versionName=7.0) que contiene un componente de app de servicio exportado llamado com.qualcomm.qti.modemtestmode.MbnTestService que permite que cualquier app del dispositivo establezca ciertas propiedades del sistema como el usuario com.android.phone. Cuando una app establece la propiedad del sistema persist.service.logr.enable con un valor de 1, una app con un nombre de paquete com.yulong.logredirect (versionCode=20160622, versionName=5.25_20160622_01) comenzará a escribir el registro del sistema logcat, el registro del kernel y la captura de tráfico de red tcpdump en el almacenamiento externo. Además, en el dispositivo Coolpad Canvas, la app com.android.phone escribe el número de teléfono de destino y el cuerpo del mensaje de texto para los mensajes de texto salientes. Se puede evitar una notificación al registrar si el registro está habilitado tras el arranque del dispositivo y se deshabilita antes de apagarlo estableciendo las propiedades del sistema mediante la interfaz exportada de la app com.qualcomm.qti.modemtestmode. Cualquier app con el permiso READ_EXTERNAL_STORAGE puede acceder a los archivos de registro.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-08-05 CVE Reserved
  • 2018-12-28 CVE Published
  • 2024-05-20 EPSS Updated
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-532: Insertion of Sensitive Information into Log File
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Coolpad
Search vendor "Coolpad"
Canvas Firmware
Search vendor "Coolpad" for product "Canvas Firmware"
7.0
Search vendor "Coolpad" for product "Canvas Firmware" and version "7.0"
-
Affected
in Coolpad
Search vendor "Coolpad"
Canvas
Search vendor "Coolpad" for product "Canvas"
--
Safe