CVE-2020-14121 - OpenCVE

A business logic vulnerability exists in Mi App Store. The vulnerability is caused by incomplete permission checks of the products being bypassed, and an attacker can exploit the vulnerability to perform a local silent installation.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Mi	Mi App Store

Configuration 1 [-]

cpe:2.3:a:mi:mi_app_store:4.12.2:*:*:*:*:*:*:*

References

Link	Resource
https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=146	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Xiaomi

Published: 2022-04-21T17:25:10

Updated: 2022-04-21T17:25:10

Reserved: 2020-06-15T00:00:00

Link: CVE-2020-14121

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-04-21T18:15:08.607

Modified: 2022-07-12T17:42:04.277

Link: CVE-2020-14121

JSON object: View

Redhat Information

No data.

CWE

CWE-863

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mi:mi_app_store:4.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "3DF9843D-2D59-4A66-A7AD-E26132BA0878", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A business logic vulnerability exists in Mi App Store. The vulnerability is caused by incomplete permission checks of the products being bypassed, and an attacker can exploit the vulnerability to perform a local silent installation."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de l\u00f3gica de negocio en Mi App Store. La vulnerabilidad est\u00e1 causada por una comprobaci\u00f3n incompleta de los permisos de los productos, y un atacante puede explotar la vulnerabilidad para llevar a cabo una instalaci\u00f3n local silenciosa"}], "id": "CVE-2020-14121", "lastModified": "2022-07-12T17:42:04.277", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-21T18:15:08.607", "references": [{"source": "security@xiaomi.com", "tags": ["Vendor Advisory"], "url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=146"}], "sourceIdentifier": "security@xiaomi.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}]}