Input validation error in Google Android - CVE-2020-11874

 

Input validation error in Google Android - CVE-2020-11874

Published: April 17, 2020 / Updated: August 8, 2020


Vulnerability identifier: #VU34445
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-11874
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Google
Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9, and 10 software. Attackers can bypass Factory Reset Protection (FRP). The LG ID is LVE-SMP-200004 (March 2020).


How to mitigate CVE-2020-11874

Install update from vendor's website.

Sources