Exported Activity Vulnerability in Vivo V7 Android Device by Vivo
CVE-2018-15001

5.5MEDIUM

Key Information:

Vendor: Vivo
Status: V7 Firmware
Vendor: CVE Published:; 28 December 2018

What is CVE-2018-15001?

The Vivo V7 Android device includes an app component that allows any co-located app to initiate the writing of sensitive logs such as logcat, bluetooth, and kernel logs to external storage. This poses a risk as these logs can contain sensitive user information. Although users receive a notification when logging begins and can cancel it, the authorizing app cannot be disabled, allowing logged information to be accessed by any app granted the necessary permissions. This vulnerability underscores the importance of app isolation and permission management in maintaining device security.

References

https://www.kryptowire.com/portal/wp-content/uploads/2018...

x_refsource_MISC

https://www.kryptowire.com/portal/android-firmware-defcon...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 28, 2018
Vulnerability Reserved
Aug 5, 2018