Improper Neutralization of Special Elements in Output Used by a Downstream Component in Google Android - CVE-2020-25048

Published: August 31, 2020 / Updated: September 8, 2020


Vulnerability identifier: #VU46339
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-25048
CWE-ID: CWE-74
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: Google Android
Software vendor: Google

Description

The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.

An issue was discovered on Samsung mobile devices with Q(10.0) (with ONEUI 2.1) software. In the Lockscreen state, the Quick Share feature allows unauthenticated downloads, aka file injection. The Samsung ID is SVE-2020-17760 (August 2020).


Remediation

Install the update from the vendor's website.