Lucene search

VivoCVELIST:CVE-2020-12483

HistoryMar 23, 2021 - 4:15 p.m.

CVE-2020-12483 AppStore Remote Download and Installation Vulnerability

2021-03-2316:15:00

CWE-601

Vivo

www.cve.org

cve-2020-12483

appstore

remote download

installation

vulnerability

exposes components

remote install

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

33.8%

JSON

The appstore before 8.12.0.0 exposes some of its components, and the attacker can cause remote download and install apps through carefully constructed parameters.

CNA Affected

[
  {
    "product": "appstore",
    "vendor": "vivo",
    "versions": [
      {
        "lessThan": "8.12.0.0",
        "status": "affected",
        "version": "8.12.0.0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.vivo.com/en/support/security-advisory-detail?id=1

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

33.8%

JSON

Related for CVELIST:CVE-2020-12483