Vulnerability-Lookup

CNVD-2018-04066

Vulnerability from cnvd - Published: 2018-03-02

Title

Procter&Gamble Oral-B App for Android权限获取漏洞

Description

Procter&Gamble Oral-B App for Android是美国宝洁（Procter&Gamble）公司一款基于Android平台的电动牙刷管理应用程序。基于Android系统的Procter&Gamble Oral-B App 5.0.0版本中存在安全漏洞，该漏洞源于程序使用了带有静态参数的AES加密。攻击者可利用该漏洞获取本地存储用户数据的访问权限。

Severity

中

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://oralb.com

Reference

https://1337sec.blogspot.de/2018/01/auditing-oral-b-app-v500.html

Impacted products

Name
Procter&Gamble Oral-B App for Android

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-5298"
    }
  },
  "description": "Procter\u0026Gamble Oral-B App for Android\u662f\u7f8e\u56fd\u5b9d\u6d01\uff08Procter\u0026Gamble\uff09\u516c\u53f8\u4e00\u6b3e\u57fa\u4e8eAndroid\u5e73\u53f0\u7684\u7535\u52a8\u7259\u5237\u7ba1\u7406\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\n\u57fa\u4e8eAndroid\u7cfb\u7edf\u7684Procter\u0026Gamble Oral-B App 5.0.0\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u4f7f\u7528\u4e86\u5e26\u6709\u9759\u6001\u53c2\u6570\u7684AES\u52a0\u5bc6\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u672c\u5730\u5b58\u50a8\u7528\u6237\u6570\u636e\u7684\u8bbf\u95ee\u6743\u9650\u3002",
  "discovererName": "unknow",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://oralb.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-04066",
  "openTime": "2018-03-02",
  "products": {
    "product": "Procter\u0026Gamble Oral-B App for Android"
  },
  "referenceLink": "https://1337sec.blogspot.de/2018/01/auditing-oral-b-app-v500.html",
  "serverity": "\u4e2d",
  "submitTime": "2018-01-10",
  "title": "Procter\u0026Gamble Oral-B App for Android\u6743\u9650\u83b7\u53d6\u6f0f\u6d1e"
}

CVE-2018-5298 (GCVE-0-2018-5298)

Vulnerability from cvelistv5 – Published: 2018-01-08 08:00 – Updated: 2024-08-05 05:33

Summary

In the Procter & Gamble "Oral-B App" (aka com.pg.oralb.oralbapp) application 5.0.0 for Android, AES encryption with static parameters is used to secure the locally stored shared preferences. An attacker can gain access to locally stored user data more easily by leveraging access to the preferences XML file.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

https://1337sec.blogspot.de/2018/01/auditing-oral…

x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:33:44.170Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://1337sec.blogspot.de/2018/01/auditing-oral-b-app-v500.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-01-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Procter \u0026 Gamble \"Oral-B App\" (aka com.pg.oralb.oralbapp) application 5.0.0 for Android, AES encryption with static parameters is used to secure the locally stored shared preferences. An attacker can gain access to locally stored user data more easily by leveraging access to the preferences XML file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-08T08:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://1337sec.blogspot.de/2018/01/auditing-oral-b-app-v500.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-5298",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In the Procter \u0026 Gamble \"Oral-B App\" (aka com.pg.oralb.oralbapp) application 5.0.0 for Android, AES encryption with static parameters is used to secure the locally stored shared preferences. An attacker can gain access to locally stored user data more easily by leveraging access to the preferences XML file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://1337sec.blogspot.de/2018/01/auditing-oral-b-app-v500.html",
              "refsource": "MISC",
              "url": "https://1337sec.blogspot.de/2018/01/auditing-oral-b-app-v500.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-5298",
    "datePublished": "2018-01-08T08:00:00.000Z",
    "dateReserved": "2018-01-08T00:00:00.000Z",
    "dateUpdated": "2024-08-05T05:33:44.170Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-04066

CVE-2018-5298 (GCVE-0-2018-5298)

Tags

Sightings

Nomenclature