CVE-2020-11603 - An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (incorporating TEEGRIS) so

CVE-2020-11603

Summary

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (incorporating TEEGRIS) software. Type confusion in the MLDAP Trustlet allows arbitrary code execution. The Samsung ID is SVE-2020-16599 (April 2020).

References

https://security.samsungmobile.com/securityUpdate.smsb
https://www.tuttoandroid.net/samsung/samsung-patch-sicurezza-aprile-2020-798658/

Vulnerable Configurations

cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 09-04-2020 - 20:12)
Impact:
Exploitability:

CWE

CWE-843

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

confirm	https://security.samsungmobile.com/securityUpdate.smsb
misc	https://www.tuttoandroid.net/samsung/samsung-patch-sicurezza-aprile-2020-798658/

Last major update

09-04-2020 - 20:12

Published

08-04-2020 - 16:15

Last modified

09-04-2020 - 20:12