Improper Authentication in Google Android - CVE-2020-13837
Published: June 4, 2020 / Updated: August 8, 2020
Vulnerability identifier: #VU34372
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-13837
CWE-ID: CWE-287
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Google Android
Google Android
Software vendor:
Google
Description
The vulnerability allows a local non-authenticated attacker to read and manipulate data.
An issue was discovered on Samsung mobile devices with Q(10.0) software. The Lockscreen feature does not block Quick Panel access to Music Share. The Samsung ID is SVE-2020-17145 (June 2020).
Remediation
Install update from vendor's website.