CVE-2019-15360 in U965info

Summary

by MITRE

The Hisense U965 Android device with a build fingerprint of Hisense/U965_4G_10/HS6739MT:8.1.0/O11019/Hisense_U965_4G_10_S01:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 02/14/2024

The vulnerability identified as CVE-2019-15360 resides within the Hisense U965 Android device, specifically affecting a pre-installed application component named com.mediatek.wfo.impl. This application serves as a system service interface for managing wireless feature operations and operates with elevated privileges due to its pre-installed nature on the device. The build fingerprint indicates this vulnerability exists in a specific Android 8.1.0 environment with a particular hardware platform configuration, making it relevant to a defined set of devices within the Hisense product line.

The technical flaw manifests through an exported interface within the com.mediatek.wfo.impl application that lacks proper access control mechanisms. This interface allows any application that happens to be co-located on the same device to modify system properties without requiring appropriate authentication or authorization checks. The vulnerability stems from the improper exposure of system-level functionality through an exported component, creating a path for privilege escalation attacks. According to CWE-284, this represents an inadequate access control vulnerability where insufficient authorization mechanisms permit unauthorized modification of system parameters.

The operational impact of this vulnerability extends beyond simple privilege escalation as it enables malicious applications to manipulate core system properties that may affect device security, network connectivity, and overall system stability. An attacker could potentially modify critical system configurations, disable security features, or alter network settings that could compromise the device's security posture. This vulnerability aligns with ATT&CK technique T1068 which involves exploiting legitimate credentials and privileges to gain system access. The threat actor could leverage this weakness to establish persistent access or escalate privileges to gain full device control.

Mitigation strategies should focus on restricting access to the exported interface within the com.mediatek.wfo.impl application. Device manufacturers should implement proper access control checks that validate the calling application's identity and permissions before allowing system property modifications. Additionally, security updates should be deployed to remove or secure the vulnerable exported interface, ensuring that only authorized system components can modify critical properties. Network administrators should also monitor for suspicious applications that might attempt to exploit this vulnerability, and users should avoid installing untrusted applications on affected devices. The vulnerability demonstrates the importance of proper interface design and access control implementation in mobile security architectures, particularly for pre-installed system components that operate with elevated privileges.

Reservation

08/22/2019

Moderation

accepted

CPE

ready

EPSS

0.00285

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!