exploitDog

CVE-2020-14120

Опубликовано: 21 апр. 2022

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Some Xiaomi models have a vulnerability in a certain application. The vulnerability is caused by the lack of checksum when using a three-party application to pass in parameters, and attackers can induce users to install a malicious app and use the vulnerability to achieve elevated privileges, making the normal services of the system affected.

Ссылки

https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=145
Vendor Advisory
https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=145
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:mi:miui:12.5:*:*:*:*:*:*:*

EPSS

Процентиль: 35%

0.00142

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-354

Связанные уязвимости

GHSA-grgj-cvfc-46jg

CVSS3: 8.8

github

почти 4 года назад

Some Xiaomi models have a vulnerability in a certain application. The vulnerability is caused by the lack of checksum when using a three-party application to pass in parameters, and attackers can induce users to install a malicious app and use the vulnerability to achieve elevated privileges, making the normal services of the system affected.

EPSS

Процентиль: 35%

0.00142

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-354