Vulnerability Name:

CVE-2019-12762 (CCN-162277)

Assigned:2019-06-06
Published:2019-06-06
Updated:2021-03-27
Summary:Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch.
CVSS v3 Severity:4.2 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
3.7 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:U/RC:R)
Exploitability Metrics:Attack Vector (AV): Physical
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availability (A): None
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:U/RC:R)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity:1.9 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2019-12762

Source: XF
Type: UNKNOWN
xiaomi-cve201912762-sec-bypass(162277)

Source: MISC
Type: Third Party Advisory
https://hackercombat.com/nfc-vulnerability-may-promote-ghost-screen-taps/

Source: CCN
Type: Medium Web site
Ghost Touch on Xiaomi Mi5s Plus

Source: MISC
Type: Exploit, Third Party Advisory
https://medium.com/@juliodellaflora/ghost-touch-on-xiaomi-mi5s-plus-707998308607

Source: CCN
Type: Xiaomi Web site
Xiaomi Mi 5s Plus

Vulnerable Configuration:
  • Configuration 1:
  • cpe:/o:xiaomi:mi_5s_plus_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:xiaomi:mi_5s_plus:-:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/o:sony:xperia_z4_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:sony:xperia_z4:-:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/o:samsung:galaxy_s6_edge_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:samsung:galaxy_s6_edge:-:*:*:*:*:*:*:*

  • Configuration 4:
  • cpe:/o:samsung:galaxy_s4_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:samsung:galaxy_s4:-:*:*:*:*:*:*:*

  • Configuration 5:
  • cpe:/o:google:nexus_7_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:google:nexus_7:-:*:*:*:*:*:*:*

  • Configuration 6:
  • cpe:/o:google:nexus_9_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:google:nexus_9:-:*:*:*:*:*:*:*

  • Configuration 7:
  • cpe:/o:sharp:aquos_zeta_sh-04f_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:sharp:aquos_zeta_sh-04f:-:*:*:*:*:*:*:*

  • Configuration 8:
  • cpe:/o:fujitsu:arrows_nx_f05-f_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:fujitsu:arrows_nx_f05-f:-:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    xiaomi mi 5s plus firmware -
    xiaomi mi 5s plus -
    sony xperia z4 firmware -
    sony xperia z4 -
    samsung galaxy s6 edge firmware -
    samsung galaxy s6 edge -
    samsung galaxy s4 firmware -
    samsung galaxy s4 -
    google nexus 7 firmware -
    google nexus 7 -
    google nexus 9 firmware -
    google nexus 9 -
    sharp aquos zeta sh-04f firmware -
    sharp aquos zeta sh-04f -
    fujitsu arrows nx f05-f firmware -
    fujitsu arrows nx f05-f -