Lucene search

MitreCVE-2019-20610

HistoryMar 24, 2020 - 8:15 p.m.

CVE-2019-20610

2020-03-2420:15:13

CWE-367

mitre

web.nvd.nist.gov

cve-2019-20610

samsung

mobile devices

exynos

trustlet

double-fetch vulnerability

arbitrary code execution

sve-2019-13910

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

44.3%

JSON

An issue was discovered on Samsung mobile devices with N(7.X) and O(8.X) (Exynos 7570, 7870, 7880, 7885, 8890, 8895, and 9810 chipsets) software. A double-fetch vulnerability in Trustlet allows arbitrary TEE code execution. The Samsung ID is SVE-2019-13910 (April 2019).

Affected configurations

Nvd

Node

googleandroidMatch7.0

googleandroidMatch7.1.0

googleandroidMatch7.1.1

googleandroidMatch7.1.2

googleandroidMatch8.0

googleandroidMatch8.1

AND

samsungexynos_7570Match-

samsungexynos_7870Match-

samsungexynos_7880Match-

samsungexynos_7885Match-

samsungexynos_8890Match-

samsungexynos_8895Match-

samsungexynos_9810Match-

VendorProductVersionCPE
googleandroid7.0cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*
googleandroid7.1.0cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*
googleandroid7.1.1cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*
googleandroid7.1.2cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*
googleandroid8.0cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*
googleandroid8.1cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
samsungexynos_7570-cpe:2.3:h:samsung:exynos_7570:-:*:*:*:*:*:*:*
samsungexynos_7870-cpe:2.3:h:samsung:exynos_7870:-:*:*:*:*:*:*:*
samsungexynos_7880-cpe:2.3:h:samsung:exynos_7880:-:*:*:*:*:*:*:*
samsungexynos_7885-cpe:2.3:h:samsung:exynos_7885:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	7.0	cpe:2.3:o:google:android:7.0:::::::*
google	android	7.1.0	cpe:2.3:o:google:android:7.1.0:::::::*
google	android	7.1.1	cpe:2.3:o:google:android:7.1.1:::::::*
google	android	7.1.2	cpe:2.3:o:google:android:7.1.2:::::::*
google	android	8.0	cpe:2.3:o:google:android:8.0:::::::*
google	android	8.1	cpe:2.3:o:google:android:8.1:::::::*
samsung	exynos_7570	-	cpe:2.3:h:samsung:exynos_7570:-:::::::*
samsung	exynos_7870	-	cpe:2.3:h:samsung:exynos_7870:-:::::::*
samsung	exynos_7880	-	cpe:2.3:h:samsung:exynos_7880:-:::::::*
samsung	exynos_7885	-	cpe:2.3:h:samsung:exynos_7885:-:::::::*

Rows per page:

1-10 of 131

References

security.samsungmobile.com/securityUpdate.smsb

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

44.3%

JSON

Related for CVE-2019-20610