CVE-2019-15429

HIGH Year: 2019
CVSS v3 Score
7.8
High
CVSS v2 Score
7.2
High
Weakness Type
CWE-610
View all →

Vulnerability Description

The Panasonic ELUGA_I9 Android device with a build fingerprint of Panasonic/ELUGA_I9/ELUGA_I9:7.0/NRD90M/1501740649:user/release-keys contains a pre-installed app with a package name of com.ovvi.modem app (versionCode=1, versionName=1) that allows unauthorized attacker-controlled at command via a confused deputy attack. This capability can be accessed by any app co-located on the device.

Related Vulnerabilities

CVE-2018-9582

HIGH
CVSS:7.8(High)

In package installer in Android-8.0, Android-8.1 and Android-9, there is a possible bypass of the unknown source warning due to a confused deputy scenario. This could lead to local escalation of privi...

CWE-6102018

CVE-2019-15394

HIGH
CVSS:7.8(High)

The Asus ZenFone 5 Selfie Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_1:7.1.1/NMF26F/14.0400.1810.061-20181107:user/release-keys contains a pre-installed app with a package nam...

CWE-6102019

CVE-2019-15405

HIGH
CVSS:7.8(High)

The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/CN_X00K-14.01.1711.27-20180420:user/release-keys contains a pre-installed app with a package name of...

CWE-6102019

CVE-2019-15418

HIGH
CVSS:7.8(High)

The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/CN_X00K-14.01.1711.27-20180420:user/release-keys contains a pre-installed app with a package name of...

CWE-6102019

CVE-2019-15419

HIGH
CVSS:7.8(High)

The Asus ASUS_X015_1 Android device with a build fingerprint of asus/CN_X015/ASUS_X015_1:7.0/NRD90M/CN_X015-14.00.1709.35-20171215:user/release-keys contains a pre-installed app with a package name of...

CWE-6102019

CVE-2020-0210

HIGH
CVSS:7.8(High)

In removeSharedAccountAsUser of AccountManager.java, there is a possible permissions bypass to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed...

CWE-6102020