Google Android 11.0 NFC escalazione di privilegi

voceeditHistoryDiffjsonxmlCTI

Un punto di criticita di livello problematico è stato rilevato in Google Android 11.0 (Smartphone Operating System). Da questa vulnerabilità è interessato una funzione sconosciuta del componente NFC. Applicando a patch è possibile eliminare il problema.

Campo19/09/2020 08:45 AM19/09/2020 08:50 AM
vendorGoogleGoogle
nameAndroidAndroid
version11.011.0
componentNFCNFC
risk11
cvss2_vuldb_basescore1.01.0
cvss2_vuldb_tempscore0.90.9
cvss2_vuldb_avLL
cvss2_vuldb_acHH
cvss2_vuldb_auSS
cvss2_vuldb_ciPP
cvss2_vuldb_iiNN
cvss2_vuldb_aiNN
cvss3_meta_basescore3.43.4
cvss3_meta_tempscore3.33.3
cvss3_vuldb_basescore2.52.5
cvss3_vuldb_tempscore2.42.4
cvss3_vuldb_avLL
cvss3_vuldb_acHH
cvss3_vuldb_prLL
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iNN
cvss3_vuldb_aNN
date1600387200 (18/09/2020)1600387200 (18/09/2020)
urlhttps://source.android.com/security/bulletin/android-11https://source.android.com/security/bulletin/android-11
price_0day$5k-$25k$5k-$25k
price_trend++
namePatchPatch
cveCVE-2020-0349CVE-2020-0349
seealso161398 161399 161402 161403 161404 161405 161406 161407 161408 161410 161411 161412 161413 161414 161415 161416 161417 161418 161419 161420 161421 161422 161423 161424 161425 161426 161427 161428 161429 161430161398 161399 161402 161403 161404 161405 161406 161407 161408 161410 161411 161412 161413 161414 161415 161416 161417 161418 161419 161420 161421 161422 161423 161424 161425 161426 161427 161428 161429 161430
locationWebsiteWebsite
cvss2_vuldb_eNDND
cvss2_vuldb_rlOFOF
cvss2_vuldb_rcNDND
cvss3_vuldb_eXX
cvss3_vuldb_rlOO
cvss3_vuldb_rcXX
cvss3_nvd_basescore4.44.4
typeSmartphone Operating System
cwe0281 (escalazione di privilegi)
cvss2_nvd_avL
cvss2_nvd_acL
cvss2_nvd_auN
cvss2_nvd_ciP
cvss2_nvd_iiN
cvss2_nvd_aiN
cvss3_nvd_avL
cvss3_nvd_acL
cvss3_nvd_prH
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cH
cvss3_nvd_iN
cvss3_nvd_aN
cve_assigned1571270400
cve_nvd_summaryIn NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-139188779

Interested in the pricing of exploits?

See the underground prices here!