ZTE ZMAX Champ com.android.zte.hiddenmenu resource management
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.5 | $0-$5k | 0.00 |
A vulnerability was found in ZTE ZMAX Champ (unknown version). It has been rated as critical. This issue affects an unknown code block of the component com.android.zte.hiddenmenu. The manipulation with an unknown input leads to a resource management vulnerability. Using CWE to declare the problem leads to CWE-399. Impacted is availability. The summary by CVE is:
The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contains a pre-installed platform app with a package name of com.android.zte.hiddenmenu (versionCode=23, versionName=6.0.1) that contains an exported broadcast receiver app component named com.android.zte.hiddenmenu.CommandReceiver that is accessible to any app co-located on the device. This app component, when it receives a broadcast intent with a certain action string, will write a non-standard (i.e., not defined in Android Open Source Project (AOSP) code) command to the /cache/recovery/command file to be executed in recovery mode. Once the device boots into recovery mode, it will crash, boot into recovery mode, and crash again. This crash loop will keep repeating, which makes the device unusable. There is no way to boot into an alternate mode once the crash loop starts.
The bug was discovered 08/05/2018. The weakness was presented 12/28/2018 (Website). It is possible to read the advisory at securityfocus.com. The identification of this vulnerability is CVE-2018-15006 since 08/05/2018. Attacking locally is a requirement. The requirement for exploitation is a simple authentication. The technical details are unknown and an exploit is not publicly available.
The vulnerability was handled as a non-public zero-day exploit for at least 145 days. During that time the estimated underground price was around $0-$5k.
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
See 128482 for similar entry.
Product
Vendor
Name
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.5VulDB Meta Temp Score: 5.5
VulDB Base Score: 5.5
VulDB Temp Score: 5.5
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 5.5
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Resource managementCWE: CWE-399 / CWE-404
ATT&CK: Unknown
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: no mitigation knownStatus: 🔍
0-Day Time: 🔍
Timeline
08/05/2018 🔍08/05/2018 🔍
12/28/2018 🔍
12/28/2018 🔍
12/28/2018 🔍
12/29/2018 🔍
04/24/2020 🔍
Sources
Vendor: zte.com.cnAdvisory: securityfocus.com⛔
Status: Not defined
CVE: CVE-2018-15006 (🔍)
SecurityFocus: 106361 - ZTE ZMAX Multiple Security Vulnerabilities
See also: 🔍
Entry
Created: 12/29/2018 14:47Updated: 04/24/2020 18:03
Changes: 12/29/2018 14:47 (59), 04/24/2020 18:03 (3)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.