Main Vulnerability Database Vulnerabilities #VU34679

Incorrect default permissions in Google Android - CVE-2019-20536

Published: March 24, 2020 / Updated: August 8, 2020

Vulnerability identifier: #VU34679

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2019-20536

CWE-ID: CWE-276

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) (released in China) software. The Firewall application mishandles the PermissionWhiteLists protection mechanism. The Samsung ID is SVE-2019-14299 (November 2019).

How to mitigate CVE-2019-20536

Install update from vendor's website.

Sources

https://security.samsungmobile.com/securityUpdate.smsb

Incorrect default permissions in Google Android - CVE-2019-20536

Detailed vulnerability description

How to mitigate CVE-2019-20536

Sources

Please verify you're human