Vulnerability CVE-2016-10135

Vulnerability Name:

CVE-2016-10135 (CCN-123971)

Assigned:

2017-01-13

Published:

2017-01-13

Updated:

2017-03-16

Summary:

An issue was discovered on LG devices using the MTK chipset with L(5.0/5.1), M(6.0/6.0.1), and N(7.0) software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with a package name of com.mediatek.mtklogger has application components that are accessible to any application that resides on the device. Namely, the com.mediatek.mtklogger.framework.LogReceiver and com.mediatek.mtklogger.framework.MTKLoggerService application components are exported since they contain an intent filter, are not protected by a custom permission, and do not explicitly set the android:exported attribute to false. Therefore, these components are exported by default and are thus accessible to any third party application by using android.content.Intent object for communication. These application components can be used to start and stop the logs using Intent objects with embedded data. The available logs are the GPS log, modem log, network log, and mobile log. The base directory that contains the directories for the 4 types of logs is /sdcard/mtklog which makes them accessible to apps that require the READ_EXTERNAL_STORAGE permission. The GPS log contains the GPS coordinates of the user as well as a timestamp for the coordinates. The modem log contains AT commands and their parameters which allow the user's outgoing and incoming calls and text messages to be obtained. The network log is a tcpdump network capture. The mobile log contains the Android log, which is not available to third-party apps as of Android 4.1. The LG ID is LVE-SMP-160019.

CVSS v3 Severity:

5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-200

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2016-10135

Source: BID
Type: UNKNOWN
96846

Source: XF
Type: UNKNOWN
lg-cve201610135-info-disc(123971)

Source: CCN
Type: LG Security Bulletins: LVE-SMP-160019
LVE-SMP-160019

Source: MISC
Type: Vendor Advisory
https://lgsecurity.lge.com/security_updates.html

Vulnerable Configuration:

Configuration 1:

cpe:/o:lg:lg_mobile:5.0:*:*:*:*:*:*:*

OR cpe:/o:lg:lg_mobile:5.1:*:*:*:*:*:*:*

OR cpe:/o:lg:lg_mobile:6.0:*:*:*:*:*:*:*

OR cpe:/o:lg:lg_mobile:6.0.1:*:*:*:*:*:*:*

OR cpe:/o:lg:lg_mobile:7.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:google:android:5.0:*:*:*:*:*:*:*

OR cpe:/o:google:android:5.1:*:*:*:*:*:*:*

OR cpe:/o:google:android:6.0:*:*:*:*:*:*:*

OR cpe:/o:google:android:6.0.1:*:*:*:*:*:*:*

OR cpe:/o:google:android:7.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK