CVE-2024-5163 (GCVE-0-2024-5163)
Vulnerability from cvelistv5 – Published: 2024-06-17 03:07 – Updated: 2024-08-21 05:48
VLAI
EPSS
VEX
Title
Improper permission settings in com.transsion.carlcare
Summary
Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security risks.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
3 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| TECNO | com.transsion.carlcare |
Affected:
5.8.1.4
|
|
| tecno | com.transsion.carlcare |
Affected:
5.8.1.4
cpe:2.3:a:tecno:com.transsion.carlcare:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:tecno:com.transsion.carlcare:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "com.transsion.carlcare",
"vendor": "tecno",
"versions": [
{
"status": "affected",
"version": "5.8.1.4"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-5163",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-18T13:48:34.000016Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-280",
"description": "CWE-280 Improper Handling of Insufficient Permissions or Privileges ",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T13:54:52.585Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:03:11.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.tecno.com/SRC/blogdetail/267?lang=en_US"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.tecno.com/SRC/securityUpdates"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "com.transsion.carlcare",
"vendor": "TECNO",
"versions": [
{
"status": "affected",
"version": "5.8.1.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security risks.\u003c/span\u003e"
}
],
"value": "Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security risks."
}
],
"impacts": [
{
"capecId": "CAPEC-131",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-131 Resource Leak Exposure"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T05:48:10.193Z",
"orgId": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea",
"shortName": "TECNOMobile"
},
"references": [
{
"url": "https://security.tecno.com/SRC/blogdetail/267?lang=en_US"
},
{
"url": "https://security.tecno.com/SRC/securityUpdates?type=SA"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper permission settings in com.transsion.carlcare",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea",
"assignerShortName": "TECNOMobile",
"cveId": "CVE-2024-5163",
"datePublished": "2024-06-17T03:07:04.982Z",
"dateReserved": "2024-05-21T01:32:57.974Z",
"dateUpdated": "2024-08-21T05:48:10.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-5163",
"date": "2026-07-14",
"epss": "0.00509",
"percentile": "0.39903"
},
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security risks.\"}, {\"lang\": \"es\", \"value\": \"La configuraci\\u00f3n incorrecta de permisos para aplicaciones m\\u00f3viles (com.transsion.carlcare) puede provocar riesgos de seguridad de la cuenta y la contrase\\u00f1a del usuario.\"}]",
"id": "CVE-2024-5163",
"lastModified": "2024-11-21T09:47:06.360",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
"published": "2024-06-17T03:15:09.057",
"references": "[{\"url\": \"https://security.tecno.com/SRC/blogdetail/267?lang=en_US\", \"source\": \"907edf6c-bf03-423e-ab1a-8da27e1aa1ea\"}, {\"url\": \"https://security.tecno.com/SRC/securityUpdates?type=SA\", \"source\": \"907edf6c-bf03-423e-ab1a-8da27e1aa1ea\"}, {\"url\": \"https://security.tecno.com/SRC/blogdetail/267?lang=en_US\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.tecno.com/SRC/securityUpdates\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"907edf6c-bf03-423e-ab1a-8da27e1aa1ea\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-732\"}]}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-280\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-5163\",\"sourceIdentifier\":\"907edf6c-bf03-423e-ab1a-8da27e1aa1ea\",\"published\":\"2024-06-17T03:15:09.057\",\"lastModified\":\"2026-06-17T08:15:19.567\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security risks.\"},{\"lang\":\"es\",\"value\":\"La configuraci\u00f3n incorrecta de permisos para aplicaciones m\u00f3viles (com.transsion.carlcare) puede provocar riesgos de seguridad de la cuenta y la contrase\u00f1a del usuario.\"}],\"affected\":[{\"source\":\"907edf6c-bf03-423e-ab1a-8da27e1aa1ea\",\"affectedData\":[{\"vendor\":\"TECNO\",\"product\":\"com.transsion.carlcare\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"5.8.1.4\",\"status\":\"affected\"}]}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"affectedData\":[{\"vendor\":\"tecno\",\"product\":\"com.transsion.carlcare\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:tecno:com.transsion.carlcare:-:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"5.8.1.4\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2024-06-18T13:48:34.000016Z\",\"id\":\"CVE-2024-5163\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"907edf6c-bf03-423e-ab1a-8da27e1aa1ea\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-280\"}]}],\"references\":[{\"url\":\"https://security.tecno.com/SRC/blogdetail/267?lang=en_US\",\"source\":\"907edf6c-bf03-423e-ab1a-8da27e1aa1ea\"},{\"url\":\"https://security.tecno.com/SRC/securityUpdates?type=SA\",\"source\":\"907edf6c-bf03-423e-ab1a-8da27e1aa1ea\"},{\"url\":\"https://security.tecno.com/SRC/blogdetail/267?lang=en_US\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.tecno.com/SRC/securityUpdates\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"redhat_vex": {
"current_release_date": "2025-05-28T20:32:14+00:00",
"cve": "CVE-2024-5163",
"id": "CVE-2024-5163",
"initial_release_date": "2024-01-01T00:00:00+00:00",
"product_status:known_not_affected": "1",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "Improper permission settings in com.transsion.carlcare",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5163.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.tecno.com/SRC/blogdetail/267?lang=en_US\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.tecno.com/SRC/securityUpdates\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T21:03:11.047Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-5163\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-18T13:48:34.000016Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:tecno:com.transsion.carlcare:-:*:*:*:*:*:*:*\"], \"vendor\": \"tecno\", \"product\": \"com.transsion.carlcare\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.8.1.4\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-280\", \"description\": \"CWE-280 Improper Handling of Insufficient Permissions or Privileges \"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-18T13:54:28.950Z\"}}], \"cna\": {\"title\": \"Improper permission settings in com.transsion.carlcare\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-131\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-131 Resource Leak Exposure\"}]}], \"affected\": [{\"vendor\": \"TECNO\", \"product\": \"com.transsion.carlcare\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.8.1.4\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://security.tecno.com/SRC/blogdetail/267?lang=en_US\"}, {\"url\": \"https://security.tecno.com/SRC/securityUpdates?type=SA\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security risks.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eImproper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security risks.\u003c/span\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-732\", \"description\": \"CWE-732 Incorrect Permission Assignment for Critical Resource\"}]}], \"providerMetadata\": {\"orgId\": \"907edf6c-bf03-423e-ab1a-8da27e1aa1ea\", \"shortName\": \"TECNOMobile\", \"dateUpdated\": \"2024-08-21T05:48:10.193Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-5163\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-21T05:48:10.193Z\", \"dateReserved\": \"2024-05-21T01:32:57.974Z\", \"assignerOrgId\": \"907edf6c-bf03-423e-ab1a-8da27e1aa1ea\", \"datePublished\": \"2024-06-17T03:07:04.982Z\", \"assignerShortName\": \"TECNOMobile\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…