PT-2020-7899 · Canonical · Unity8

Michael Terry

Published

2020-05-07

Updated

2020-05-12

CVE-2015-7946

CVSS v3.1

7.3

High

Vector

AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Unity8 versions prior to 8.11+16.04.20160111.1-0ubuntu1 Unity8 versions prior to 8.11+15.04.20160122-0ubuntu1

Description: The issue allows an attacker to enable the MTP service by opening the emergency dialer, potentially exposing information. This affects Unity8 as used on the Ubuntu phone and possibly also in Unity8 shipped elsewhere.

Recommendations: For versions prior to 8.11+16.04.20160111.1-0ubuntu1, update to 8.11+16.04.20160111.1-0ubuntu1 or later. For versions prior to 8.11+15.04.20160122-0ubuntu1, update to 8.11+15.04.20160122-0ubuntu1 or later. As a temporary workaround, consider restricting access to the emergency dialer to minimize the risk of exploitation.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2015-7946

Affected Products

Unity8

PT-2020-7899 · Canonical · Unity8

CVE-2015-7946

Weakness Enumeration

Related Identifiers

Affected Products

References · 7