Improper Authentication in Google Android - CVE-2020-13838
Published: June 4, 2020 / Updated: August 8, 2020
Vulnerability identifier: #VU34373
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-13838
CWE-ID: CWE-287
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Google Android
Google Android
Software vendor:
Google
Description
The vulnerability allows a local non-authenticated attacker to read and manipulate data.
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. The DeX Lockscreen feature does not block access to Quick Panel and notifications. The Samsung ID is SVE-2020-17187 (June 2020).
Remediation
Install update from vendor's website.