exploitDog

CVE-2021-41848

Published: 11 Mar 2022
Source: nvd
CVSS3: 7.8
CVSS2: 7.2
EPSS: Low

Description

An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It mishandles software updates such that local third-party apps can provide a spoofed software update file that contains an arbitrary shell script and arbitrary ARM binary, where both will be executed as the root user with an SELinux domain named osi. To exploit this vulnerability, a local third-party app needs to have write access to external storage to write the spoofed update at the expected path. The vulnerable system binary (i.e., /system/bin/osi_bin) does not perform any authentication of the update file beyond ensuring that it is encrypted with an AES key (that is hard-coded in the vulnerable system binary). Processes executing with the osi SELinux domain can programmatically perform the following actions: install apps, grant runtime permissions to apps (including permissions with protection levels of dangerous and development), access extensive Personally Identifiable Information (PII) using the programmatically

Vulnerable configurations

Configuration 1

Simultaneously

cpe:2.3:o:bluproducts:g90_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bluproducts:g90:-:*:*:*:*:*:*:*
Configuration 2

Simultaneously

cpe:2.3:o:bluproducts:g9_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bluproducts:g9:-:*:*:*:*:*:*:*
Configuration 3

Simultaneously

cpe:2.3:o:wikomobile:tommy_3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:wikomobile:tommy_3:-:*:*:*:*:*:*:*
Configuration 4

Simultaneously

cpe:2.3:o:wikomobile:tommy_3_plus_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:wikomobile:tommy_3_plus:-:*:*:*:*:*:*:*
Configuration 5

Simultaneously

cpe:2.3:o:luna:simo_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:luna:simo:-:*:*:*:*:*:*:*

EPSS

Percentile: 23%
0.00078
Low

CVSS3: 7.8 High

CVSS2: 7.2 High

Weaknesses

CWE-798

Related vulnerabilities

CVSS3: 7.8
github
almost 4 years ago

An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It mishandles software updates such that local third-party apps can provide a spoofed software update file that contains an arbitrary shell script and arbitrary ARM binary, where both will be executed as the root user with an SELinux domain named osi. To exploit this vulnerability, a local third-party app needs to have write access to external storage to write the spoofed update at the expected path. The vulnerable system binary (i.e., /system/bin/osi_bin) does not perform any authentication of the update file beyond ensuring that it is encrypted with an AES key (that is hard-coded in the vulnerable system binary). Processes executing with the osi SELinux domain can programmatically perform the following actions: install apps, grant runtime permissions to apps (including permissions with protection levels of dangerous and development), access extensive Personally Identifiable Information (PII) using the programmatica...

EPSS

Percentile: 23%
0.00078
Low

CVSS3: 7.8 High

CVSS2: 7.2 High

Weaknesses

CWE-798