IronMonkey Threat Research

CVE-2018-14825 MEDIUM

Published: 2018-09-24 | Last Modified: 2026-06-17 | Status: Modified

Description

On Honeywell Mobile Computers (CT60 running Android OS 7.1, CN80 running Android OS 7.1, CT40 running Android OS 7.1, CK75 running Android OS 6.0, CN75 running Android OS 6.0, CN75e running Android OS 6.0, CT50 running Android OS 6.0, D75e running Android OS 6.0, CT50 running Android OS 4.4, D75e running Android OS 4.4, CN51 running Android OS 6.0, EDA50k running Android 4.4, EDA50 running Android OS 7.1, EDA50k running Android OS 7.1, EDA70 running Android OS 7.1, EDA60k running Android OS 7.1, and EDA51 running Android OS 8.1), a skilled attacker with advanced knowledge of the target system could exploit this vulnerability by creating an application that would successfully bind to the service and gain elevated system privileges. This could enable the attacker to obtain access to keystrokes, passwords, personal identifiable information, photos, emails, or business-critical documents.

Additional Descriptions (1)

On Honeywell Mobile Computers (CT60 with Android OS 7.1, CN80 with Android OS 7.1, CT40 with Android OS 7.1, CK75 with Android OS 6.0, CN75 with Android OS 6.0, CN75e with Android OS 6.0, CT50 with Android OS 6.0, D75e with Android OS 6.0, CT50 with Android OS 4.4, D75e with Android OS 4.4, CN51 with Android OS 6.0, EDA50k with Android 4.4, EDA50 with Android OS 7.1, EDA50k with Android OS 7.1, EDA70 with Android OS 7.1, EDA60k with Android OS 7.1 and EDA51 with Android OS 8.1), a skilled attacker with advanced knowledge of the target system could exploit this vulnerability by creating an application that would successfully bind to the service and obtain elevated privileges on the system. This could allow the attacker to gain access to keystrokes, passwords, personally identifiable information, photographs, emails or documents critical to a business.

CVSS Metrics

Base Score: 6.8 (MEDIUM)

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 8.6

Impact Score: 6.4

Weaknesses

Source Type Description
[email protected] Secondary CWE-269 (en)
[email protected] Primary CWE-732 (en)

Affected Products

Vendor Product Version Type
honeywell cn80 - Hardware
honeywell ct40 - Hardware
honeywell ct60 - Hardware
honeywell eda50 - Hardware
honeywell eda50k - Hardware
honeywell eda60k - Hardware
honeywell eda70 - Hardware
honeywell ck75 - Hardware
honeywell cn51 - Hardware
honeywell cn75 - Hardware
honeywell cn75e - Hardware
honeywell d75e - Hardware
honeywell ct50 - Hardware
honeywell d75e - Hardware
honeywell eda50k - Hardware
honeywell eda51 - Hardware

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:h:honeywell:cn80:-:*:*:*:*:*:*:*
Yes cpe:2.3:h:honeywell:ct40:-:*:*:*:*:*:*:*
Yes cpe:2.3:h:honeywell:ct60:-:*:*:*:*:*:*:*
Yes cpe:2.3:h:honeywell:eda50:-:*:*:*:*:*:*:*
Yes cpe:2.3:h:honeywell:eda50k:-:*:*:*:*:*:*:*
Yes cpe:2.3:h:honeywell:eda60k:-:*:*:*:*:*:*:*
Yes cpe:2.3:h:honeywell:eda70:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:h:honeywell:ck75:-:*:*:*:*:*:*:*
Yes cpe:2.3:h:honeywell:cn51:-:*:*:*:*:*:*:*
Yes cpe:2.3:h:honeywell:cn75:-:*:*:*:*:*:*:*
Yes cpe:2.3:h:honeywell:cn75e:-:*:*:*:*:*:*:*
Yes cpe:2.3:h:honeywell:d75e:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:h:honeywell:ct50:-:*:*:*:*:*:*:*
Yes cpe:2.3:h:honeywell:d75e:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*
No cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:h:honeywell:eda50k:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:h:honeywell:eda51:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
