CVE-2018-11946 - In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k

CVE-2018-11946

Summary

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, the UPnP daemon should not be running out of box because it enables port forwarding without authentication.

References

https://source.codeaurora.org/quic/qsdk/oss/system/feeds/routing/commit/?id=3f625190fb469cb56de619eae6b5ca8db2463d5b
https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin

Vulnerable Configurations

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

CVSS

Base:	6.1 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
ADJACENT_NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	COMPLETE	NONE

cvss-vector via4

AV:A/AC:L/Au:N/C:N/I:C/A:N

refmap via4

confirm

https://source.codeaurora.org/quic/qsdk/oss/system/feeds/routing/commit/?id=3f625190fb469cb56de619eae6b5ca8db2463d5b
https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin

Last major update

03-10-2019 - 00:03

Published

27-11-2018 - 16:29

Last modified

03-10-2019 - 00:03