CVE-2019-11015 - Vulnerability Details - OpenCVE

A vulnerability was found in the MIUI OS version 10.1.3.0 that allows a physically proximate attacker to bypass Lockscreen based authentication via the Wallpaper Carousel application to obtain sensitive Clipboard data and the user's stored credentials (partially). This occurs because of paste access to a social media login page.

No CVSS v4.0

No CVSS v3.1

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Miui	Miui

Configuration 1 [-]

cpe:2.3:o:miui:miui:10.1.3.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.andmp.com/2019/04/unpatched-vulnerability-in-xiaomi-miui-os-lock-screen.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-04-18T21:51:29

Updated: 2024-08-04T22:40:15.956Z

Reserved: 2019-04-08T00:00:00

Link: CVE-2019-11015

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-04-18T22:29:00.250

Modified: 2024-11-21T04:20:21.850

Link: CVE-2019-11015

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-04-09T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability was found in the MIUI OS version 10.1.3.0 that allows a physically proximate attacker to bypass Lockscreen based authentication via the Wallpaper Carousel application to obtain sensitive Clipboard data and the user's stored credentials (partially). This occurs because of paste access to a social media login page."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-04-18T21:51:29", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.andmp.com/2019/04/unpatched-vulnerability-in-xiaomi-miui-os-lock-screen.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-11015", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability was found in the MIUI OS version 10.1.3.0 that allows a physically proximate attacker to bypass Lockscreen based authentication via the Wallpaper Carousel application to obtain sensitive Clipboard data and the user's stored credentials (partially). This occurs because of paste access to a social media login page."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.andmp.com/2019/04/unpatched-vulnerability-in-xiaomi-miui-os-lock-screen.html", "refsource": "MISC", "url": "https://www.andmp.com/2019/04/unpatched-vulnerability-in-xiaomi-miui-os-lock-screen.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:40:15.956Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.andmp.com/2019/04/unpatched-vulnerability-in-xiaomi-miui-os-lock-screen.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-11015", "datePublished": "2019-04-18T21:51:29", "dateReserved": "2019-04-08T00:00:00", "dateUpdated": "2024-08-04T22:40:15.956Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:miui:miui:10.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "19062853-86DB-4FD7-9176-505F0EEE1903", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in the MIUI OS version 10.1.3.0 that allows a physically proximate attacker to bypass Lockscreen based authentication via the Wallpaper Carousel application to obtain sensitive Clipboard data and the user's stored credentials (partially). This occurs because of paste access to a social media login page."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en el MIUI OS versi\u00f3n 10.1.3.0, que permite a un atacante f\u00edsicamente pr\u00f3ximo omitir la autorizaci\u00f3n basada en LockScreen mediante la aplicaci\u00f3n Wallpaper Carousel para conseguir datos confidenciales del portapapeles y las credenciales almacenadas del usuario (parcialmente). Esto ocurre debido al acceso de pegado a una p\u00e1gina de inicio de sesi\u00f3n en redes sociales."}], "id": "CVE-2019-11015", "lastModified": "2024-11-21T04:20:21.850", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-18T22:29:00.250", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.andmp.com/2019/04/unpatched-vulnerability-in-xiaomi-miui-os-lock-screen.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.andmp.com/2019/04/unpatched-vulnerability-in-xiaomi-miui-os-lock-screen.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}