CVE-2018-6597 - The Alcatel A30 device with a build fingerprint of TCL/5046G/MICKEY6US:7.0/NRD90M/J63:user/release-k

CVE-2018-6597

Summary

The Alcatel A30 device with a build fingerprint of TCL/5046G/MICKEY6US:7.0/NRD90M/J63:user/release-keys contains a hidden privilege escalation capability to achieve command execution as the root user. They have made modifications that allow a user with physical access to the device to obtain a root shell via ADB. Modifying the read-only properties by an app as the system user creates a UNIX domain socket named factory_test that will execute commands as the root user by processes that have privilege to access it (as per the SELinux rules that the vendor controls).

References

https://www.kryptowire.com/portal/android-firmware-defcon-2018/

Vulnerable Configurations

cpe:2.3:o:alcatel:a30_firmware:7.0:*:*:*:*:*:*:*
cpe:2.3:o:alcatel:a30_firmware:7.0:*:*:*:*:*:*:*
cpe:2.3:h:alcatel:a30:-:*:*:*:*:*:*:*
cpe:2.3:h:alcatel:a30:-:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

misc

https://www.kryptowire.com/portal/android-firmware-defcon-2018/

Last major update

03-10-2019 - 00:03

Published

29-08-2018 - 19:29

Last modified

03-10-2019 - 00:03