Sign-up

ID

VAR-201906-0269


CVE

CVE-2019-12762


TITLE

Xiaomi Mi 5s Plus Vulnerabilities related to authorization, authority, and access control in devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-005347

DESCRIPTION

Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch. Xiaomi Mi 5s Plus Devices have vulnerabilities related to authorization, permissions, and access control.Information may be tampered with. Xiaomi Mi 5s Plus is a smartphone of China Xiaomi Technology (Xiaomi). There is a security hole in Xiaomi Mi 5s Plus. Attackers can use the wireless signal between 198 kHz and 203 kHz to exploit this vulnerability to cause anomalies in the touch screen

Trust: 2.25

sources: NVD: CVE-2019-12762 // JVNDB: JVNDB-2019-005347 // CNVD: CNVD-2020-27290 // VULHUB: VHN-144541

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-27290

AFFECTED PRODUCTS

vendor:xiaomimodel:mi 5s plusscope: - version: -

Trust: 1.4

vendor:fujitsumodel:arrows nx f05-fscope:eqversion: -

Trust: 1.0

vendor:mimodel:5s plusscope:eqversion: -

Trust: 1.0

vendor:sharpmodel:aquos zeta sh-04fscope:eqversion: -

Trust: 1.0

vendor:googlemodel:nexus 7scope:eqversion: -

Trust: 1.0

vendor:googlemodel:nexus 9scope:eqversion: -

Trust: 1.0

vendor:samsungmodel:galaxy s4scope:eqversion: -

Trust: 1.0

vendor:samsungmodel:galaxy s6 edgescope:eqversion: -

Trust: 1.0

vendor:sonymodel:xperia z4scope:eqversion: -

Trust: 1.0

vendor:googlemodel:nexus 7scope: - version: -

Trust: 0.8

vendor:googlemodel:nexus 9scope: - version: -

Trust: 0.8

vendor:samsungmodel:galaxy s4scope: - version: -

Trust: 0.8

vendor:samsungmodel:galaxy s6 edgescope: - version: -

Trust: 0.8

vendor:sharpmodel:aquos zeta sh-04fscope: - version: -

Trust: 0.8

vendor:sonymodel:xperia z4scope: - version: -

Trust: 0.8

vendor:fujitsumodel:arrows nx f005-fscope: - version: -

Trust: 0.8

sources: CNVD: CNVD-2020-27290 // JVNDB: JVNDB-2019-005347 // NVD: CVE-2019-12762

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12762
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-12762
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-27290
value: LOW

Trust: 0.6

CNNVD: CNNVD-201906-276
value: MEDIUM

Trust: 0.6

VULHUB: VHN-144541
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-12762
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-27290
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-144541
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-12762
baseSeverity: MEDIUM
baseScore: 4.2
vectorString: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: PHYSICAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.5
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-12762
baseSeverity: MEDIUM
baseScore: 4.2
vectorString: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: PHYSICAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-27290 // VULHUB: VHN-144541 // JVNDB: JVNDB-2019-005347 // CNNVD: CNNVD-201906-276 // NVD: CVE-2019-12762

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-144541 // JVNDB: JVNDB-2019-005347 // NVD: CVE-2019-12762

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201906-276

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-005347

PATCH
title:Nexusurl:https://support.google.com/nexus/answer/6102470?hl=ja
Trust: 0.8
title:Top Pageurl:https://www.galaxymobile.jp/
Trust: 0.8
title:Xperia Z4url:https://www.sonymobile.co.jp/xperia/softbank/z4/
Trust: 0.8
title:Mi 5s Plusurl:https://www.mi.com/global/mi5splus/
Trust: 0.8
title:Aquos Zeta SH-04Furl:https://jp.sharp/products/sh04f/spec/
Trust: 0.8
title:arrowsシリーズurl:https://www.fmworld.net/product/phone/arrows/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-005347

EXTERNAL IDS
db:NVDid:CVE-2019-12762
Trust: 3.1
db:JVNDBid:JVNDB-2019-005347
Trust: 0.8
db:CNVDid:CNVD-2020-27290
Trust: 0.7
db:CNNVDid:CNNVD-201906-276
Trust: 0.7
db:VULHUBid:VHN-144541
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-27290 // 
            
            
            
            VULHUB: VHN-144541 // 
            
            
            
            JVNDB: JVNDB-2019-005347 // 
            
            
            
            CNNVD: CNNVD-201906-276 // 
            
            
            
            NVD: CVE-2019-12762

REFERENCES
url:https://hackercombat.com/nfc-vulnerability-may-promote-ghost-screen-taps/
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2019-12762
Trust: 2.0
url:https://medium.com/%40juliodellaflora/ghost-touch-on-xiaomi-mi5s-plus-707998308607
Trust: 1.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12762
Trust: 0.8
url:https://medium.com/@juliodellaflora/ghost-touch-on-xiaomi-mi5s-plus-707998308607
Trust: 0.7
sources:
            
            
            CNVD: CNVD-2020-27290 // 
            
            
            
            VULHUB: VHN-144541 // 
            
            
            
            JVNDB: JVNDB-2019-005347 // 
            
            
            
            CNNVD: CNNVD-201906-276 // 
            
            
            
            NVD: CVE-2019-12762

SOURCES
db:CNVDid:CNVD-2020-27290
db:VULHUBid:VHN-144541
db:JVNDBid:JVNDB-2019-005347
db:CNNVDid:CNNVD-201906-276
db:NVDid:CVE-2019-12762

LAST UPDATE DATE
2024-11-23T22:12:00.036000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-27290date:2020-05-09T00:00:00
db:VULHUBid:VHN-144541date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-005347date:2019-06-19T00:00:00
db:CNNVDid:CNNVD-201906-276date:2020-08-25T00:00:00
db:NVDid:CVE-2019-12762date:2024-11-21T04:23:31.383

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-27290date:2020-05-09T00:00:00
db:VULHUBid:VHN-144541date:2019-06-06T00:00:00
db:JVNDBid:JVNDB-2019-005347date:2019-06-19T00:00:00
db:CNNVDid:CNNVD-201906-276date:2019-06-06T00:00:00
db:NVDid:CVE-2019-12762date:2019-06-06T20:29:02.807