CVE-2018-14825 — MEDIUM (5.8)

Vulnerability Description

On Honeywell Mobile Computers (CT60 running Android OS 7.1, CN80 running Android OS 7.1, CT40 running Android OS 7.1, CK75 running Android OS 6.0, CN75 running Android OS 6.0, CN75e running Android OS 6.0, CT50 running Android OS 6.0, D75e running Android OS 6.0, CT50 running Android OS 4.4, D75e running Android OS 4.4, CN51 running Android OS 6.0, EDA50k running Android 4.4, EDA50 running Android OS 7.1, EDA50k running Android OS 7.1, EDA70 running Android OS 7.1, EDA60k running Android OS 7.1, and EDA51 running Android OS 8.1), a skilled attacker with advanced knowledge of the target system could exploit this vulnerability by creating an application that would successfully bind to the service and gain elevated system privileges. This could enable the attacker to obtain access to keystrokes, passwords, personal identifiable information, photos, emails, or business-critical documents.

CVSS Score

5.8

MEDIUM

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

HIGH

Affected Products

Vendor	Product	Versions
Honeywell	Cn80	-
Honeywell	Ct40	-
Honeywell	Ct60	-
Honeywell	Eda50	-
Honeywell	Eda50K	-
Honeywell	Eda60K	-
Honeywell	Eda70	-
Google	Android	7.1.0
Honeywell	Ck75	-
Honeywell	Cn51	-
Honeywell	Cn75	-
Honeywell	Cn75E	-
Honeywell	D75E	-
Honeywell	Ct50	-
Honeywell	Eda51	-

Related Weaknesses (CWE)

CWE-732 CWE-269

References

http://www.securityfocus.com/bid/105767Third Party AdvisoryVDB Entry
https://cert.vde.com/de-de/advisories/vde-2018-016Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-18-256-01Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/105767Third Party AdvisoryVDB Entry
https://cert.vde.com/de-de/advisories/vde-2018-016Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-18-256-01Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2018-14825?

CVE-2018-14825 is a vulnerability with a CVSS score of 5.8 (MEDIUM). On Honeywell Mobile Computers (CT60 running Android OS 7.1, CN80 running Android OS 7.1, CT40 running Android OS 7.1, CK75 running Android OS 6.0, CN75 running Android OS 6.0, CN75e running Android OS...

How severe is CVE-2018-14825?

CVE-2018-14825 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-14825?

Check the references section above for vendor advisories and patch information. Affected products include: Honeywell Cn80, Honeywell Ct40, Honeywell Ct60, Honeywell Eda50, Honeywell Eda50K.