SB2020041752 - Improper Neutralization of Special Elements in Output Used by a Downstream Component in Google, Google Android

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020041752

SB2020041752 - Improper Neutralization of Special Elements in Output Used by a Downstream Component in Google, Google Android

Published: April 17, 2020 Updated: August 8, 2020

Security Bulletin ID SB2020041752
Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Improper Neutralization of Special Elements in Output Used by a Downstream Component (CVE-ID: CVE-2019-20773)

The vulnerability allows a local authenticated user to execute arbitrary code.

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. Unprivileged applications can execute shell commands via the connectivity service. The LG ID is LVE-SMP-190008 (August 2019).


Remediation

Install update from vendor's website.

References