PT-2020-16475 · Samsung · Ethernetnetwork

Published

2020-10-06

Updated

2020-10-08

CVE-2020-26602

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Samsung mobile devices with O(8.1) Samsung mobile devices with P(9.0) Samsung mobile devices with Q(10.0) Samsung mobile devices with R(11.0)

Description An issue was discovered in EthernetNetwork on Samsung mobile devices. PendingIntent allows sdcard access by an unprivileged process.

Recommendations For Samsung mobile devices with O(8.1), update to a version that fixes the issue. For Samsung mobile devices with P(9.0), update to a version that fixes the issue. For Samsung mobile devices with Q(10.0), update to a version that fixes the issue. For Samsung mobile devices with R(11.0), update to a version that fixes the issue. As a temporary workaround, consider restricting access to the sdcard to minimize the risk of exploitation.

Fix

Exposure of Resource to Wrong Sphere

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-668

Related Identifiers

CVE-2020-26602

Affected Products

Ethernetnetwork

PT-2020-16475 · Samsung · Ethernetnetwork

CVE-2020-26602

Weakness Enumeration

Related Identifiers

Affected Products

References · 3