CVE-2019-16241

On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, PIN authentication can be bypassed by creating a special file within the /data/local/tmp/ directory. The System application that implements the lock screen checks for the existence of a specific file and disables PIN authentication if it exists. This file would typically be created via Android Debug Bridge (adb) over USB.

CVSS v3 6.8 MEDIUM
CVSS v2.0 4.6 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.nccgroup.trust/uk/our-research/?research=Technical+advisories	Third Party Advisory
https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-alcatel-flip-2/#C	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:alcatelmobile:cingular_flip_2_firmware:b9huah1:*:*:*:*:*:*:*

cpe:2.3:h:alcatelmobile:cingularl_flip_2:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-11-26 16:15

Updated : 2023-12-10 13:13

NVD link : CVE-2019-16241

Mitre link : CVE-2019-16241

CVE.ORG link : CVE-2019-16241

JSON object : View

Products Affected

alcatelmobile

cingular_flip_2_firmware
cingularl_flip_2

CWE

CWE-668

Exposure of Resource to Wrong Sphere

{"id": "CVE-2019-16241", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2019-11-26T16:15:12.307", "references": [{"url": "https://www.nccgroup.trust/uk/our-research/?research=Technical+advisories", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-alcatel-flip-2/#C", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-668"}]}], "descriptions": [{"lang": "en", "value": "On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, PIN authentication can be bypassed by creating a special file within the /data/local/tmp/ directory. The System application that implements the lock screen checks for the existence of a specific file and disables PIN authentication if it exists. This file would typically be created via Android Debug Bridge (adb) over USB."}, {"lang": "es", "value": "En los dispositivos TCL Alcatel Cingular Flip 2 B9HUAH1, se puede omitir la identificaci\u00f3n de PIN al crear un archivo especial dentro del directorio /data/local/tmp/. La aplicaci\u00f3n del sistema que implementa la pantalla de bloqueo comprueba la existencia de un archivo espec\u00edfico y deshabilita la autenticaci\u00f3n PIN si existe. Este archivo com\u00fanmente es creado por medio de Android Debug Bridge (adb) mediante USB."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:alcatelmobile:cingular_flip_2_firmware:b9huah1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59C5C60C-6507-4FDF-AE22-2CED02B75181"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:alcatelmobile:cingularl_flip_2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E2ACF80B-A813-4B2C-AC9B-130040E8F8B9"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}