CVE-2019-20564 - OpenCVE

An issue was discovered on Samsung mobile devices with any (before October 2019 for S9 or Note9) software. Attackers can manipulate the IMEI. The Samsung ID is SVE-2019-15435 (October 2019).

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Samsung	Note9 S9

Configuration 1 [-]

OR	cpe:2.3:h:samsung:note9:-:::::::*
	cpe:2.3:h:samsung:s9:-:::::::*

References

Link	Resource
https://security.samsungmobile.com/securityUpdate.smsb	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-03-24T18:30:59

Updated: 2020-03-24T18:30:59

Reserved: 2020-03-23T00:00:00

Link: CVE-2019-20564

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-03-24T19:15:19.150

Modified: 2021-07-21T11:39:23.747

Link: CVE-2019-20564

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:samsung:note9:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E2A5F7B-A48B-4222-AC11-678932C79439", "vulnerable": true}, {"criteria": "cpe:2.3:h:samsung:s9:-:*:*:*:*:*:*:*", "matchCriteriaId": "C959CB6A-097F-4E7F-86AC-97D94BDF493F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on Samsung mobile devices with any (before October 2019 for S9 or Note9) software. Attackers can manipulate the IMEI. The Samsung ID is SVE-2019-15435 (October 2019)."}, {"lang": "es", "value": "Se detect\u00f3 un problema en dispositivos m\u00f3viles Samsung con cualquier versi\u00f3n de software (antes de Octubre de 2019 para S9 o Note9). Los atacantes pueden manipular el IMEI. El ID de Samsung es SVE-2019-15435 (Octubre de 2019)."}], "id": "CVE-2019-20564", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-24T19:15:19.150", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://security.samsungmobile.com/securityUpdate.smsb"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}