Lucene search

[email protected]CVE-2020-20093

HistoryMar 23, 2022 - 10:15 p.m.

CVE-2020-20093

2022-03-2322:15:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

facebook messenger

ios

android

uri spoofing

cve-2020-20093

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

6.1 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

54.3%

JSON

The Facebook Messenger app for iOS 227.0 and prior and Android 228.1.0.10.116 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages.

CPENameOperatorVersion
facebook:messengerfacebook messengerle227.0
facebook:messengerfacebook messengerle228.1.0.10.116

CPE	Name	Operator	Version
facebook:messenger	facebook messenger	le	227.0
facebook:messenger	facebook messenger	le	228.1.0.10.116

References

packetstormsecurity.com/files/166448/RTLO-Injection-URI-Spoofing.html

github.com/zadewg/RIUS

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

6.1 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

54.3%

JSON

Related for CVE-2020-20093

cvelist1 prion1 malwarebytes1 packetstorm1