CVE-2019-20586 - An issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (with TEEGRIS) software. Th

CVE-2019-20586

Summary

An issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (with TEEGRIS) software. There is type confusion in the FINGERPRINT Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14864 (August 2019).

References

https://security.samsungmobile.com/securityUpdate.smsb

Vulnerable Configurations

cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 27-03-2020 - 19:27)
Impact:
Exploitability:

CWE

CWE-843

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

confirm

https://security.samsungmobile.com/securityUpdate.smsb

Last major update

27-03-2020 - 19:27

Published

24-03-2020 - 19:15

Last modified

27-03-2020 - 19:27