exploitDog

CVE-2020-12858

Опубликовано: 18 мая 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Non-reinitialisation of random data in the advertising payload in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to re-identify Android devices running COVIDSafe by scanning for their advertising beacons.

Ссылки

https://docs.google.com/document/d/1u5a5ersKBH6eG362atALrzuXo3zuZ70qrGomWVEC27U/edit?usp=sharing
Third Party Advisory
https://www.health.gov.au/resources/apps-and-tools/covidsafe-app
Product
Vendor Advisory
https://docs.google.com/document/d/1u5a5ersKBH6eG362atALrzuXo3zuZ70qrGomWVEC27U/edit?usp=sharing
Third Party Advisory
https://www.health.gov.au/resources/apps-and-tools/covidsafe-app
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:health:covidsafe:*:*:*:*:*:android:*:*

Версия до 1.0.17 (исключая)

EPSS

Процентиль: 60%

0.004

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-330

EPSS

Процентиль: 60%

0.004

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-330