CVE-2020-10847 - OpenCVE

An issue was discovered on Samsung mobile devices with P(9.0) (Galaxy S8 and Note8) software. Facial recognition can be spoofed. The Samsung ID is SVE-2019-16614 (February 2020).

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Samsung	Galaxy S8 Galaxy Note8
Google	Android

Configuration 1 [-]

AND

cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*

OR	cpe:2.3:h:samsung:galaxy_note8:-:::::::*
	cpe:2.3:h:samsung:galaxy_s8:-:::::::*

References

Link	Resource
https://security.samsungmobile.com/securityUpdate.smsb	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-03-24T17:30:10

Updated: 2020-03-24T17:30:10

Reserved: 2020-03-23T00:00:00

Link: CVE-2020-10847

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-03-24T18:15:17.403

Modified: 2020-03-30T15:39:22.227

Link: CVE-2020-10847

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "8DFAAD08-36DA-4C95-8200-C29FE5B6B854", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:samsung:galaxy_note8:-:*:*:*:*:*:*:*", "matchCriteriaId": "B54A36F3-17EC-4D5B-9064-FFF449DE3E85", "vulnerable": false}, {"criteria": "cpe:2.3:h:samsung:galaxy_s8:-:*:*:*:*:*:*:*", "matchCriteriaId": "7CD40B60-8964-471B-9D8D-96F218980074", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An issue was discovered on Samsung mobile devices with P(9.0) (Galaxy S8 and Note8) software. Facial recognition can be spoofed. The Samsung ID is SVE-2019-16614 (February 2020)."}, {"lang": "es", "value": "Se detect\u00f3 un problema en dispositivos m\u00f3viles Samsung con versi\u00f3n de software P(9.0) (Galaxy S8 y Note8). El reconocimiento facial puede ser falsificado. El ID de Samsung es SVE-2019-16614 (Febrero de 2020)."}], "id": "CVE-2020-10847", "lastModified": "2020-03-30T15:39:22.227", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-24T18:15:17.403", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://security.samsungmobile.com/securityUpdate.smsb"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}