Exported Activity Vulnerability in Vivo V7 Android Device by Vivo
CVE-2018-15001

5.5MEDIUM

Key Information:

Vendor

Vivo

Vendor
CVE Published:
28 December 2018

What is CVE-2018-15001?

The Vivo V7 Android device includes an app component that allows any co-located app to initiate the writing of sensitive logs such as logcat, bluetooth, and kernel logs to external storage. This poses a risk as these logs can contain sensitive user information. Although users receive a notification when logging begins and can cancel it, the authorizing app cannot be disabled, allowing logged information to be accessed by any app granted the necessary permissions. This vulnerability underscores the importance of app isolation and permission management in maintaining device security.

References

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.