Sign-up

ID

VAR-202008-0575


CVE

CVE-2020-25054


TITLE

Samsung  Input verification vulnerabilities on mobile devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-010763

DESCRIPTION

An issue was discovered on Samsung mobile devices with software through 2020-04-02 (Exynos modem chipsets). There is a heap-based buffer over-read in the Shannon baseband. The Samsung ID is SVE-2020-17239 (August 2020). Vendor exploits this vulnerability SVE-2020-17239 Is published as.Information is obtained and denial of service (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2020-25054 // JVNDB: JVNDB-2020-010763

AFFECTED PRODUCTS

vendor:samsungmodel:exynosscope:eqversion: -

Trust: 1.0

vendor:サムスンmodel:exynosscope:eqversion: -

Trust: 0.8

vendor:サムスンmodel:exynosscope:lteversion:2020/04/02

Trust: 0.8

sources: JVNDB: JVNDB-2020-010763 // NVD: CVE-2020-25054

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-25054
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-25054
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202008-1481
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-25054
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2020-25054
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2020-25054
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-010763 // CNNVD: CNNVD-202008-1481 // NVD: CVE-2020-25054

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.0

problemtype:Incorrect input confirmation (CWE-20) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-010763 // NVD: CVE-2020-25054

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-1481

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202008-1481

PATCH

title:SMR-AUG-2020url:https://security.samsungmobile.com/securityUpdate.smsb

Trust: 0.8

title:Samsung Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=127353

Trust: 0.6

sources: JVNDB: JVNDB-2020-010763 // CNNVD: CNNVD-202008-1481

EXTERNAL IDS

db:NVDid:CVE-2020-25054

Trust: 2.4

db:JVNDBid:JVNDB-2020-010763

Trust: 0.8

db:CNNVDid:CNNVD-202008-1481

Trust: 0.6

sources: JVNDB: JVNDB-2020-010763 // CNNVD: CNNVD-202008-1481 // NVD: CVE-2020-25054

REFERENCES

url:https://security.samsungmobile.com/securityupdate.smsb

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-25054

Trust: 1.4

sources: JVNDB: JVNDB-2020-010763 // CNNVD: CNNVD-202008-1481 // NVD: CVE-2020-25054

SOURCES

db:JVNDBid:JVNDB-2020-010763
db:CNNVDid:CNNVD-202008-1481
db:NVDid:CVE-2020-25054

LAST UPDATE DATE

2024-11-23T23:07:54.434000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2020-010763date:2021-02-03T05:30:00
db:CNNVDid:CNNVD-202008-1481date:2020-10-22T00:00:00
db:NVDid:CVE-2020-25054date:2024-11-21T05:17:05.153

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2020-010763date:2021-02-03T00:00:00
db:CNNVDid:CNNVD-202008-1481date:2020-08-31T00:00:00
db:NVDid:CVE-2020-25054date:2020-08-31T21:15:15.753