CVE-2020-0379Sensitive Information Exposure in Google Android

5 documents5 sources
Severity
5.7MEDIUMNVD
EPSS
0.1%
top 71.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Platform System BTGoogle Android
Timeline
PublishedSep 17
Latest updateMay 24

Description

In the Bluetooth service, there is a possible spoofing attack due to a logic error. This could lead to remote information disclosure of sensitive information with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-150156492

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.1 | Impact: 3.6

Affected Packages3 packages

CVEListV5google/androidAndroid-8.0 Android-8.1 Android-9 Android-10 Android-11
NVDgoogle/android5 versions+4
Androidplatform/system_bt8.0:08.0:2020-09-01+3

Patches

Patch: source.android.comPatch: source.android.com

🔴Vulnerability Details

3
GHSA
GHSA-qp3x-rc72-hc9v: In the Bluetooth service, there is a possible spoofing attack due to a logic error2022-05-24
CVEList
CVE-2020-0379: In the Bluetooth service, there is a possible spoofing attack due to a logic error2020-09-17
OSV
CVE-2020-0379: In the Bluetooth service, there is a possible spoofing attack due to a logic error2020-09-01

📋Vendor Advisories

1
Android
CVE-2020-0379: Android Security Bulletin 2020-09-01 CVE: CVE-2020-0379 Severity: HIGH Type: ID Affected AOSP versions: 82020-09-01
CVE-2020-0379 — Sensitive Information Exposure | cvebase