Main Vulnerability Database Vulnerabilities #VU34618

Missing Authorization in Google Android - CVE-2019-20608

Published: March 24, 2020 / Updated: August 8, 2020

Vulnerability identifier: #VU34618

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-20608

CWE-ID: CWE-862

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. An attacker can use Emergency mode to disable features. The Samsung IDs are SVE-2018-13164, SVE-2018-13165 (April 2019).

How to mitigate CVE-2019-20608

Install update from vendor's website.

Sources

https://security.samsungmobile.com/securityUpdate.smsb

Missing Authorization in Google Android - CVE-2019-20608

Detailed vulnerability description

How to mitigate CVE-2019-20608

Sources

Please verify you're human