PT-2020-6162 · Andy · Andyos Andy

Maciej Miszczyk

Published

2020-04-14

Updated

2020-08-24

CVE-2019-14326

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions AndyOS Andy versions up to 46.11.113

Description An issue in AndyOS Andy allows remote attackers to gain full access to the device or enables malicious apps to perform privilege escalation to root. This is due to telnet and ssh services starting with root privileges by default in the emulated Android system, with no authentication required for access to a root shell.

Recommendations For AndyOS Andy versions up to 46.11.113, consider disabling the telnet and ssh services to prevent exploitation until a patch is available. Restrict access to the emulated Android system to minimize the risk of privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276

Related Identifiers

BDU:2021-03299

CVE-2019-14326

Affected Products

Andyos Andy

PT-2020-6162 · Andy · Andyos Andy

CVE-2019-14326

Weakness Enumeration

Related Identifiers

Affected Products

References · 8