Main Vulnerability Database SB2020042332

SB2020042332 - Information disclosure in multiple SHARP Android devices

Published: April 23, 2020

Security Bulletin ID SB2020042332

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Information disclosure (CVE-ID: CVE-2020-5571)

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to information disclosure issue in multiple SHARP Android devices. A local attacker can trick a victim to install a malicious appllication and gain unauthorized access to sensitive information on the system.

Remediation

Install update from vendor's website.

References

Vulnerable Software

AQUOS SH-M02: 01.00.05 and previous versions
AQUOS SH-RM02: 01.00.04 and previous versions
AQUOS mini SH-M03: 01.00.04 and previous versions
AQUOS Keitai SH-N01: 01.00.01 and previous versions
AQUOS L2 (UQ mobile/J:COM): 01.00.05 and previous versions
AQUOS sense lite SH-M05: 03.00.04 and previous versions
AQUOS sense (UQ mobile): 03.00.03 and previous versions
AQUOS compact SH-M06: 02.00.02 and previous versions
AQUOS sense plus SH-M07: 02.00.02 and previous versions
AQUOS sense2 SH-M08: 02.00.05 and previous versions
AQUOS sense2 (UQ mobile): 02.00.06 and previous versions

SB2020042332 - Information disclosure in multiple SHARP Android devices

Breakdown by Severity

Description

Remediation

References

Please verify you're human