CVE-2019-7386 - OpenCVE

A Denial of Service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 (platform 48.0.a2) on Nokia 8810 4G devices. When a crafted web page is visited with the internal browser, the Gecko process crashes with a segfault. Successful exploitation could lead to the remote code execution on the device.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:M/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Kaiostech	Kaios
Nokia	8810 4g 8810 4g Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:kaiostech:kaios:2.5:::::::*
	cpe:2.3:o:nokia:8810_4g_firmware:10.05:::::::*

cpe:2.3:h:nokia:8810_4g:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/151651/Nokia-8810-Denial-Of-Service.html
http://seclists.org/fulldisclosure/2019/Feb/35
http://www.breakthesec.com
http://www.breakthesec.com/search/label/0day
https://s3curityb3ast.github.io
https://s3curityb3ast.github.io/KSA-Dev-007.md

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-03-17T19:22:25

Updated: 2024-08-04T20:46:46.291Z

Reserved: 2019-02-04T00:00:00

Link: CVE-2019-7386

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-03-21T16:01:12.297

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-7386

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-02-12T00:00:00", "descriptions": [{"lang": "en", "value": "A Denial of Service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 (platform 48.0.a2) on Nokia 8810 4G devices. When a crafted web page is visited with the internal browser, the Gecko process crashes with a segfault. Successful exploitation could lead to the remote code execution on the device."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-04-10T14:43:46", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20190212 KSA-Dev-007:CVE-2019-7386:DoS and gecko reboot in the nokia 8810 4G handset", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2019/Feb/35"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/151651/Nokia-8810-Denial-Of-Service.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.breakthesec.com/search/label/0day"}, {"tags": ["x_refsource_MISC"], "url": "https://s3curityb3ast.github.io"}, {"tags": ["x_refsource_MISC"], "url": "http://www.breakthesec.com"}, {"tags": ["x_refsource_MISC"], "url": "https://s3curityb3ast.github.io/KSA-Dev-007.md"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-7386", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Denial of Service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 (platform 48.0.a2) on Nokia 8810 4G devices. When a crafted web page is visited with the internal browser, the Gecko process crashes with a segfault. Successful exploitation could lead to the remote code execution on the device."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20190212 KSA-Dev-007:CVE-2019-7386:DoS and gecko reboot in the nokia 8810 4G handset", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Feb/35"}, {"name": "http://packetstormsecurity.com/files/151651/Nokia-8810-Denial-Of-Service.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/151651/Nokia-8810-Denial-Of-Service.html"}, {"name": "http://www.breakthesec.com/search/label/0day", "refsource": "MISC", "url": "http://www.breakthesec.com/search/label/0day"}, {"name": "https://s3curityb3ast.github.io", "refsource": "MISC", "url": "https://s3curityb3ast.github.io"}, {"name": "http://www.breakthesec.com", "refsource": "MISC", "url": "http://www.breakthesec.com"}, {"name": "https://s3curityb3ast.github.io/KSA-Dev-007.md", "refsource": "MISC", "url": "https://s3curityb3ast.github.io/KSA-Dev-007.md"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:46:46.291Z"}, "title": "CVE Program Container", "references": [{"name": "20190212 KSA-Dev-007:CVE-2019-7386:DoS and gecko reboot in the nokia 8810 4G handset", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/Feb/35"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/151651/Nokia-8810-Denial-Of-Service.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.breakthesec.com/search/label/0day"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://s3curityb3ast.github.io"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.breakthesec.com"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://s3curityb3ast.github.io/KSA-Dev-007.md"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-7386", "datePublished": "2019-03-17T19:22:25", "dateReserved": "2019-02-04T00:00:00", "dateUpdated": "2024-08-04T20:46:46.291Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:kaiostech:kaios:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "6B68C183-6100-498C-BEB8-CC96A59C8213", "vulnerable": true}, {"criteria": "cpe:2.3:o:nokia:8810_4g_firmware:10.05:*:*:*:*:*:*:*", "matchCriteriaId": "455FBEC8-DEAB-49B8-9C61-47327892B8A5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nokia:8810_4g:-:*:*:*:*:*:*:*", "matchCriteriaId": "5743F86E-0855-4E1C-8D88-4A221C49A73E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A Denial of Service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 (platform 48.0.a2) on Nokia 8810 4G devices. When a crafted web page is visited with the internal browser, the Gecko process crashes with a segfault. Successful exploitation could lead to the remote code execution on the device."}, {"lang": "es", "value": "Se ha descubierto un problema de denegaci\u00f3n de servicio (DoS) en el componente Gecko de KaiOS 2.5 10.05 (plataforma 48.0.a2) en dispositivos Nokia 8810 4G. Cuando un sitio web manipulado se visita con el navegador interno, el proceso Gecko se cierra inesperadamente con un segfault. Si se explota con \u00e9xito, podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo en el dispositivo."}], "id": "CVE-2019-7386", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-21T16:01:12.297", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/151651/Nokia-8810-Denial-Of-Service.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Feb/35"}, {"source": "cve@mitre.org", "tags": ["Not Applicable", "Third Party Advisory"], "url": "http://www.breakthesec.com"}, {"source": "cve@mitre.org", "tags": ["Not Applicable", "Third Party Advisory"], "url": "http://www.breakthesec.com/search/label/0day"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://s3curityb3ast.github.io"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://s3curityb3ast.github.io/KSA-Dev-007.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}