CVE-2018-14825

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

24/09/2018

Last modified:

09/10/2019

Description

On Honeywell Mobile Computers (CT60 running Android OS 7.1, CN80 running Android OS 7.1, CT40 running Android OS 7.1, CK75 running Android OS 6.0, CN75 running Android OS 6.0, CN75e running Android OS 6.0, CT50 running Android OS 6.0, D75e running Android OS 6.0, CT50 running Android OS 4.4, D75e running Android OS 4.4, CN51 running Android OS 6.0, EDA50k running Android 4.4, EDA50 running Android OS 7.1, EDA50k running Android OS 7.1, EDA70 running Android OS 7.1, EDA60k running Android OS 7.1, and EDA51 running Android OS 8.1), a skilled attacker with advanced knowledge of the target system could exploit this vulnerability by creating an application that would successfully bind to the service and gain elevated system privileges. This could enable the attacker to obtain access to keystrokes, passwords, personal identifiable information, photos, emails, or business-critical documents.

Impact

Vector 3.x

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.80 MEDIUM
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H

Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): Required
Scope (S): Unchanged
Confidentiality (C): Low
Integrity (I): Low
Availability (A): High

Base Score 3.x

5.80

Severity 3.x

MEDIUM

Vector 2.0

AV:N/AC:M/Au:N/C:P/I:P/A:P CVSS v2.0 Severity and Metrics:

Base Score: 6.80 MEDIUM
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Attack Vector (AV): Network
Attack Complexity (AC): Medium
Authentication (Au): None
Confidentiality (C): Physical
Integrity (I): Physical
Availability (A): Physical

Base Score 2.0

6.80

Severity 2.0

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:h:honeywell:cn80:-:::::::*
cpe:2.3:h:honeywell:ct40:-:::::::*
cpe:2.3:h:honeywell:ct60:-:::::::*
cpe:2.3:h:honeywell:eda50:-:::::::*
cpe:2.3:h:honeywell:eda50k:-:::::::*
cpe:2.3:h:honeywell:eda60k:-:::::::*
cpe:2.3:h:honeywell:eda70:-:::::::*
cpe:2.3:o:google:android:7.1.0:::::::*
cpe:2.3:h:honeywell:ck75:-:::::::*
cpe:2.3:h:honeywell:cn51:-:::::::*
cpe:2.3:h:honeywell:cn75:-:::::::*
cpe:2.3:h:honeywell:cn75e:-:::::::*
cpe:2.3:h:honeywell:d75e:-:::::::*
cpe:2.3:o:google:android:6.0:::::::*
cpe:2.3:h:honeywell:ct50:-:::::::*

To consult the complete list of CPE names with products and versions, see this page

CPE	From	Up to
cpe:2.3:h:honeywell:cn80:-:::::::*
cpe:2.3:h:honeywell:ct40:-:::::::*
cpe:2.3:h:honeywell:ct60:-:::::::*
cpe:2.3:h:honeywell:eda50:-:::::::*
cpe:2.3:h:honeywell:eda50k:-:::::::*
cpe:2.3:h:honeywell:eda60k:-:::::::*
cpe:2.3:h:honeywell:eda70:-:::::::*
cpe:2.3:o:google:android:7.1.0:::::::*
cpe:2.3:h:honeywell:ck75:-:::::::*
cpe:2.3:h:honeywell:cn51:-:::::::*
cpe:2.3:h:honeywell:cn75:-:::::::*
cpe:2.3:h:honeywell:cn75e:-:::::::*
cpe:2.3:h:honeywell:d75e:-:::::::*
cpe:2.3:o:google:android:6.0:::::::*
cpe:2.3:h:honeywell:ct50:-:::::::*

CVE-2018-14825

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools