CVE-2020-13841

An issue was discovered on LG mobile devices with Android OS 9 and 10 (MTK chipsets). An AT command handler allows attackers to bypass intended access restrictions. The LG ID is LVE-SMP-200009 (June 2020).

CVSS v3 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://lgsecurity.lge.com/	Vendor Advisory
https://lgsecurity.lge.com/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:google:android:9.0:::::::*
	cpe:2.3:o:google:android:10.0:::::::*

OR	cpe:2.3:h:lg:cv1:-:::::::*
	cpe:2.3:h:lg:cv1s:-:::::::*
	cpe:2.3:h:lg:cv3:-:::::::*
	cpe:2.3:h:lg:cv5:-:::::::*
	cpe:2.3:h:lg:cv7:-:::::::*
	cpe:2.3:h:lg:cv7as:-:::::::*
	cpe:2.3:h:lg:dh10:-:::::::*
	cpe:2.3:h:lg:dh15:-:::::::*
	cpe:2.3:h:lg:dh30:-:::::::*
	cpe:2.3:h:lg:dh35:-:::::::*
	cpe:2.3:h:lg:dh40:-:::::::*
	cpe:2.3:h:lg:dh5:-:::::::*
	cpe:2.3:h:lg:dh50:-:::::::*
	cpe:2.3:h:lg:g6:-:::::::*
	cpe:2.3:h:lg:g7:-:::::::*
	cpe:2.3:h:lg:g8:-:::::::*
	cpe:2.3:h:lg:k20:-:::::::*
	cpe:2.3:h:lg:k30:-:::::::*
	cpe:2.3:h:lg:k40:-:::::::*
	cpe:2.3:h:lg:k50:-:::::::*
	cpe:2.3:h:lg:q6:-:::::::*
	cpe:2.3:h:lg:q60:-:::::::*
	cpe:2.3:h:lg:q70:-:::::::*
	cpe:2.3:h:lg:q8:-:::::::*
	cpe:2.3:h:lg:v20:-:::::::*
	cpe:2.3:h:lg:v30:-:::::::*
	cpe:2.3:h:lg:v35:-:::::::*
	cpe:2.3:h:lg:v40:-:::::::*
	cpe:2.3:h:lg:v50:-:::::::*
	cpe:2.3:h:lg:v60:-:::::::*
	cpe:2.3:h:lg:x_cam:-:::::::*
	cpe:2.3:h:lg:x300:-:::::::*
	cpe:2.3:h:lg:x400:-:::::::*
	cpe:2.3:h:lg:x500:-:::::::*

History

21 Nov 2024, 05:01

Type	Values Removed	Values Added
References	~~() https://lgsecurity.lge.com/ - Vendor Advisory~~	() https://lgsecurity.lge.com/ - Vendor Advisory

Information

Published : 2020-06-05 00:15

Updated : 2024-11-21 05:01

NVD link : CVE-2020-13841

Mitre link : CVE-2020-13841

CVE.ORG link : CVE-2020-13841

JSON object : View

Products Affected

v50
x500
dh50
k20
v40
dh40
dh15
x300
cv7as
v30
cv1
q70
dh30
cv3
k40
k50
q8
dh5
g8
x400
v60
cv5
v35
v20
dh35
x_cam
dh10
q60
cv7
g6
g7
cv1s
q6
k30

google

android

CWE

NVD-CWE-noinfo

{"id": "CVE-2020-13841", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-06-05T00:15:10.940", "references": [{"url": "https://lgsecurity.lge.com/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://lgsecurity.lge.com/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on LG mobile devices with Android OS 9 and 10 (MTK chipsets). An AT command handler allows attackers to bypass intended access restrictions. The LG ID is LVE-SMP-200009 (June 2020)."}, {"lang": "es", "value": "Se detect\u00f3 un problema en los dispositivos m\u00f3viles LG con Android OS versiones 9 y 10 (chipsets MTK). Un manejador de comando AT permite a atacantes omitir restricciones de acceso previstas. El ID de LG es LVE-SMP-200009 (Junio de 2020)"}], "lastModified": "2024-11-21T05:01:58.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DFAAD08-36DA-4C95-8200-C29FE5B6B854"}, {"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lg:cv1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3184A6C2-4499-4325-AA6B-9235891431B1"}, {"criteria": "cpe:2.3:h:lg:cv1s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "89334FBD-7962-49EF-B99C-2C7C68D4784A"}, {"criteria": "cpe:2.3:h:lg:cv3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5459DD60-4674-40C2-9070-A43F4625049C"}, {"criteria": "cpe:2.3:h:lg:cv5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DD527FA3-6B37-49AF-AA65-C3D2280D94FF"}, {"criteria": "cpe:2.3:h:lg:cv7:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "201240C1-DBFE-4E4B-910C-C89CA34F20F9"}, {"criteria": "cpe:2.3:h:lg:cv7as:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7E013D7F-DFE8-43DE-9CA5-C4175920DA7C"}, {"criteria": "cpe:2.3:h:lg:dh10:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1C772FAC-D629-4B6A-8AF2-DE5F21EAD6FB"}, {"criteria": "cpe:2.3:h:lg:dh15:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4ED9F839-3481-4385-B48D-D4EB5F87E827"}, {"criteria": "cpe:2.3:h:lg:dh30:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5D1324D4-B9C3-4230-9079-0EDABB8DE8C2"}, {"criteria": "cpe:2.3:h:lg:dh35:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1801B468-55B8-425B-9CD9-F155EF8C6D3E"}, {"criteria": "cpe:2.3:h:lg:dh40:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F5656FF7-AEDA-45DD-A094-317470D630B0"}, {"criteria": "cpe:2.3:h:lg:dh5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5524D0D5-7511-428C-8B4F-A543DB821FAE"}, {"criteria": "cpe:2.3:h:lg:dh50:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E9C65155-41BF-4E09-9566-BAB1002B8C2A"}, {"criteria": "cpe:2.3:h:lg:g6:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B420AF79-29A6-4F48-905E-4D6525AB7AE3"}, {"criteria": "cpe:2.3:h:lg:g7:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D56F8885-3A72-4AA6-BD32-F7B44DC8F5CB"}, {"criteria": "cpe:2.3:h:lg:g8:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BD283652-FACB-48E2-AEA2-62BFB9A3563D"}, {"criteria": "cpe:2.3:h:lg:k20:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E5B41FD2-A604-4F13-802E-EFB7E4B4E186"}, {"criteria": "cpe:2.3:h:lg:k30:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "92717015-3E54-4377-9EAA-3EC7522A2992"}, {"criteria": "cpe:2.3:h:lg:k40:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E9F3DBDA-748E-41CC-9B53-0F2EACAE53B0"}, {"criteria": "cpe:2.3:h:lg:k50:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D4A1A525-CFED-49D2-BB14-3C1017C72397"}, {"criteria": "cpe:2.3:h:lg:q6:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D0330E68-ABF9-4842-8546-0A7736992C09"}, {"criteria": "cpe:2.3:h:lg:q60:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6B74427A-B73F-477C-97E8-AB1B6BF874DE"}, {"criteria": "cpe:2.3:h:lg:q70:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B8FBFD84-00B7-43C9-B2E4-73B93ECC135E"}, {"criteria": "cpe:2.3:h:lg:q8:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C8FB0DB7-C13A-4CE5-9922-D29212194F89"}, {"criteria": "cpe:2.3:h:lg:v20:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3291C1FB-5CEA-4886-930F-C1A81A0E7211"}, {"criteria": "cpe:2.3:h:lg:v30:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D7C92686-117E-43B5-8D79-0BE3C4188EDE"}, {"criteria": "cpe:2.3:h:lg:v35:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B21AF298-6B73-4C3C-9B6E-515BB13CA406"}, {"criteria": "cpe:2.3:h:lg:v40:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "914A44D7-7C6E-4433-A061-D7B0CF198AB0"}, {"criteria": "cpe:2.3:h:lg:v50:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EDF444DD-45F1-41A7-96A2-FD756E92BAB9"}, {"criteria": "cpe:2.3:h:lg:v60:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AF163597-5C46-484C-893B-C8848E8DAA0A"}, {"criteria": "cpe:2.3:h:lg:x_cam:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6DEC9BA1-FC3F-4B22-B1B5-275FBFCAB5DF"}, {"criteria": "cpe:2.3:h:lg:x300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E1EA905A-E757-4C0C-AE9A-746E197B5FFA"}, {"criteria": "cpe:2.3:h:lg:x400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F608F038-2FD3-4DD3-9257-3EC69F5617AE"}, {"criteria": "cpe:2.3:h:lg:x500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6DC6EB06-EA13-4784-8413-BD89A60744D0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}

9.8 /10