The Leagoo P1 Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a hidden root privilege escalation capability to achieve command execution as the root user. They have made modifications that allow a user with physical access to the device to obtain a root shell via ADB by modifying read-only system properties at runtime. Specifically, modifying the ro.debuggable and the ro.secure system properties to a certain value and then restarting the ADB daemon allows for a root shell to be obtained via ADB.
Published 2018-12-28 21:29:01
Updated 2019-10-03 00:03:26
Source MITRE
View at NVD,   CVE.org
Vulnerability category: Gain privilege

Exploit prediction scoring system (EPSS) score for CVE-2018-14998

0.09%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 35 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-14998

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
7.2
HIGH AV:L/AC:L/Au:N/C:C/I:C/A:C
3.9
10.0
NIST
6.8
MEDIUM CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.9
5.9
NIST

CWE ids for CVE-2018-14998

References for CVE-2018-14998

Products affected by CVE-2018-14998

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!