Improper Authentication in Google Android - CVE-2020-13837

 

Improper Authentication in Google Android - CVE-2020-13837

Published: June 4, 2020 / Updated: August 8, 2020


Vulnerability identifier: #VU34372
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-13837
CWE-ID: CWE-287
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Google
Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local non-authenticated attacker to read and manipulate data.

An issue was discovered on Samsung mobile devices with Q(10.0) software. The Lockscreen feature does not block Quick Panel access to Music Share. The Samsung ID is SVE-2020-17145 (June 2020).


How to mitigate CVE-2020-13837

Install update from vendor's website.

Sources