How severe is CVE-2018-14979?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.7 out of 10.

What type of vulnerability is CVE-2018-14979?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2018-14979 - MEDIUM Severity | CVSS 4.7

Vulnerability Description

The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed app with a package name of com.asus.loguploader (versionCode=1570000275, versionName=7.0.0.55_170515). This app contains an exported service app component named com.asus.loguploader.LogUploaderService that, when accessed with a particular action string, will write a bugreport (kernel log, logcat log, and the state of system services including the text of active notifications), Wi-Fi Passwords, and other system data to external storage (sdcard). Any app with the READ_EXTERNAL_STORAGE permission on this device can read this data from the sdcard after it has been dumped there by the com.asus.loguploader. Third-party apps are not allowed to directly create a bugreport or access the user's stored wireless network credentials.

Related Vulnerabilities

CVE-2015-3142

MEDIUM

CVSS:4.7(Medium)

The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensit...

CWE-2002015

CVE-2015-7328

MEDIUM

CVSS:4.7(Medium)

Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the...

CWE-2002015

CVE-2015-7438

MEDIUM

CVSS:4.7(Medium)

IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive cleartext web-services information by leveraging database access.

CWE-2002015

CVE-2015-7493

MEDIUM

CVSS:4.7(Medium)

IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information.

CWE-2002015

CVE-2016-10293

MEDIUM

CVSS:4.7(Medium)

An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because...

CWE-2002016

CVE-2016-10294

MEDIUM

CVSS:4.7(Medium)

An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because...

CWE-2002016