How severe is CVE-2018-6598?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.1 out of 10.

What type of vulnerability is CVE-2018-6598?

This is classified as CWE-732, which is a common weakness in software security.

CVE-2018-6598

HIGH Year: 2018

CVSS v3 Score

7.1

High

CVSS v2 Score

5.6

Medium

Weakness Type

CWE-732

View all →

Vulnerability Description

An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices. Any app co-located on the device can send an intent to factory reset the device programmatically because of com.android.server.MasterClearReceiver. This does not require any user interaction and does not require any permission to perform. A factory reset will remove all user data from the device. This will result in the loss of any data that the user has not backed up or synced externally. This capability to perform a factory reset is not directly available to third-party apps (those that the user installs themselves), although this capability is present in an unprotected component of the Android OS. This vulnerability is not present in Google's Android Open Source Project (AOSP) code. Therefore, it was introduced by Orbic or another entity in the supply chain.

CVE-2001-0006

HIGH

CVSS:7.1(High)

The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control permissions, which allows local users to modify the permissions to "No Access" and disable Winsock netw...

CWE-7322001

CVE-2004-1714

HIGH

CVSS:7.1(High)

BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a d...

CWE-7322004

CVE-2005-4868

HIGH

CVSS:7.1(High)

Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, su...

CWE-7322005

CVE-2009-3611

HIGH

CVSS:7.1(High)

common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive inform...

CWE-7322009

CVE-2009-3939

HIGH

CVSS:7.1(High)

The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying th...

CWE-7322009

CVE-2017-18284

HIGH

CVSS:7.1(High)

The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp account, which might allow local users to kill arbitrary processes by leveraging access to thi...

CWE-7322017

CVE-2018-6598

Vulnerability Description

Related Vulnerabilities

CVE-2001-0006

CVE-2004-1714

CVE-2005-4868

CVE-2009-3611

CVE-2009-3939

CVE-2017-18284