CVE-2019-15355 in Camon iClickinfo

Summary

by MITRE

The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 02/14/2024

The vulnerability described in CVE-2019-15355 represents a critical security flaw in the Tecno Camon iClick Android device running Android 8.1.0. This issue stems from a pre-installed application named com.mediatek.wfo.impl which exposes an exported interface that permits unauthorized modification of system properties. The vulnerability manifests through the device's build fingerprint TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys, indicating a specific hardware and software configuration that is susceptible to this attack vector. The exposed interface allows any application co-located on the device to manipulate system properties without proper authentication or authorization mechanisms.

The technical flaw resides in the improper exposure of system interfaces within the MediaTek Wi-Fi calling implementation component. This application with version code 27 and version name 8.1.0 contains an exported interface that should have been restricted to system-level applications only. The vulnerability enables privilege escalation attacks where malicious applications can modify critical system properties that control device behavior, network connectivity, and communication settings. This represents a direct violation of Android's security model where system-level modifications should be restricted to trusted components and require proper signature verification or system-level permissions.

The operational impact of this vulnerability is substantial as it allows for persistent unauthorized access to device system properties that could compromise network security, enable man-in-the-middle attacks, or facilitate further exploitation. An attacker with access to any application on the device can leverage this interface to modify system settings that control Wi-Fi calling functionality, potentially redirecting communications or disabling security features. This vulnerability falls under CWE-284 which addresses improper access control, specifically the exposure of privileged interfaces to unprivileged applications. The attack surface is particularly concerning given that the vulnerable application is pre-installed on the device, meaning all users are potentially at risk without any user intervention or awareness.

The security implications extend beyond simple property modification to encompass potential data exfiltration, network disruption, and device compromise. This vulnerability aligns with ATT&CK technique T1068 which covers "Exploitation for Privilege Escalation" and T1546 which addresses "Event Triggered Execution" through the manipulation of system properties. The exposed interface could enable attackers to modify device configuration settings that affect network connectivity, communication protocols, or security policies. Mitigation strategies should include immediate patching of the vulnerable application, implementation of proper access controls for system interfaces, and regular security audits of pre-installed applications. Device manufacturers should ensure that system interfaces are properly secured and that only authorized system components can access critical device functionality. Additionally, users should be advised to avoid installing untrusted applications that might exploit this vulnerability to gain unauthorized access to system properties and potentially compromise their device security posture.

Reservation

08/22/2019

Moderation

accepted

CPE

ready

EPSS

0.00285

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!