Details of VAR-202010-0553

ID

VAR-202010-0553

CVE

CVE-2020-26602

TITLE

Samsung Vulnerability in leaking resources to the wrong area on mobile devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-011904

DESCRIPTION

An issue was discovered in EthernetNetwork on Samsung mobile devices with O(8.1), P(9.0), Q(10.0), and R(11.0) software. PendingIntent allows sdcard access by an unprivileged process. The Samsung ID is SVE-2020-18392 (October 2020). This vulnerability is Samsung ID: SVE-2020-18392 It is published as.Information may be obtained. are all products of South Korean Samsung (Samsung). Samsung mobile devices O (8.1), P (9.0), Q (10.0) and R (11.0) have security vulnerabilities, which stem from a problem with EthernetNetwork. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2020-26602 // JVNDB: JVNDB-2020-011904 // CNVD: CNVD-2020-65255

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-65255

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	11.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	8.1	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	9.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	10.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	-	Trust: 0.8
vendor:	google	model:	android	scope:	eq	version:	o(8.x)	Trust: 0.8
vendor:	google	model:	android	scope:	eq	version:	p(9.0)	Trust: 0.8
vendor:	google	model:	android	scope:	eq	version:	q(10.0)	Trust: 0.8
vendor:	google	model:	android	scope:	eq	version:	r(11.0)	Trust: 0.8
vendor:	google	model:	android	scope:	-	version:	-	Trust: 0.8
vendor:	samsung	model:	mobile devices p	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices q	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices r	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices o	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-65255 // JVNDB: JVNDB-2020-011904 // NVD: CVE-2020-26602

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-26602
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-26602
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-65255
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202010-163
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-26602
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-65255
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-26602
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-26602
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-65255 // JVNDB: JVNDB-2020-011904 // CNNVD: CNNVD-202010-163 // NVD: CVE-2020-26602

PROBLEMTYPE DATA

problemtype:	CWE-668	Trust: 1.0
problemtype:	Leakage of resources to the wrong area (CWE-668) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-011904 // NVD: CVE-2020-26602

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-163

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202010-163

PATCH

title:	top page	url:	https://www.android.com/	Trust: 0.8
title:	Patch for Samsung products have unspecified vulnerabilities (CNVD-2020-65255)	url:	https://www.cnvd.org.cn/patchInfo/show/240667	Trust: 0.6
title:	Measures to fix security vulnerabilities in Samsung mobile devices	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=130207	Trust: 0.6

sources: CNVD: CNVD-2020-65255 // JVNDB: JVNDB-2020-011904 // CNNVD: CNNVD-202010-163

EXTERNAL IDS

db:	NVD	id:	CVE-2020-26602	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-011904	Trust: 0.8
db:	CNVD	id:	CNVD-2020-65255	Trust: 0.6
db:	NSFOCUS	id:	50484	Trust: 0.6
db:	CNNVD	id:	CNNVD-202010-163	Trust: 0.6

sources: CNVD: CNVD-2020-65255 // JVNDB: JVNDB-2020-011904 // CNNVD: CNNVD-202010-163 // NVD: CVE-2020-26602

REFERENCES

url:	https://security.samsungmobile.com/securityupdate.smsb	Trust: 3.0
url:	https://nvd.nist.gov/vuln/detail/cve-2020-26602	Trust: 1.4
url:	http://www.nsfocus.net/vulndb/50484	Trust: 0.6

sources: CNVD: CNVD-2020-65255 // JVNDB: JVNDB-2020-011904 // CNNVD: CNNVD-202010-163 // NVD: CVE-2020-26602

SOURCES

db:	CNVD	id:	CNVD-2020-65255
db:	JVNDB	id:	JVNDB-2020-011904
db:	CNNVD	id:	CNNVD-202010-163
db:	NVD	id:	CVE-2020-26602

LAST UPDATE DATE

2024-11-23T22:05:25.568000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-65255	date:	2020-11-23T00:00:00
db:	JVNDB	id:	JVNDB-2020-011904	date:	2021-04-19T08:07:00
db:	CNNVD	id:	CNNVD-202010-163	date:	2020-11-13T00:00:00
db:	NVD	id:	CVE-2020-26602	date:	2024-11-21T05:20:08.390

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-65255	date:	2020-10-21T00:00:00
db:	JVNDB	id:	JVNDB-2020-011904	date:	2021-04-19T00:00:00
db:	CNNVD	id:	CNNVD-202010-163	date:	2020-10-06T00:00:00
db:	NVD	id:	CVE-2020-26602	date:	2020-10-06T19:15:14.993