PT-2020-11601 · Google · Android

Published

2020-10-01

Updated

2020-10-16

CVE-2020-0246

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Android versions Android-10 through Android-11

Description A missing permission check in the getCarrierPrivilegeStatus function of UiccAccessRule.java could lead to local information disclosure of EID data. No additional execution privileges are needed for exploitation, and user interaction is not required.

Recommendations For Android versions Android-10 through Android-11, apply the necessary patch to include a permission check in the getCarrierPrivilegeStatus function of UiccAccessRule.java to prevent local information disclosure of EID data.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

ASB-A-159062405

CVE-2020-0246

Affected Products

Android

PT-2020-11601 · Google · Android

CVE-2020-0246

Weakness Enumeration

Related Identifiers

Affected Products

References · 5