Improper Authentication in Google Android - CVE-2019-20595
Published: March 24, 2020 / Updated: August 8, 2020
Vulnerability identifier: #VU34610
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-20595
CWE-ID: CWE-287
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Google
Affected software:
Google Android
Google Android
Detailed vulnerability description
The vulnerability allows a local non-authenticated attacker to manipulate data.
An issue was discovered on Samsung mobile devices with P(9.0) software. Quick Panel allows enabling or disabling the Bluetooth stack without authentication. The Samsung ID is SVE-2019-14545 (July 2019).
How to mitigate CVE-2019-20595
Install update from vendor's website.