CVE-2019-20566 - An issue was discovered on Samsung mobile devices with any (before September 2019 for SMP1300 Exynos

CVE-2019-20566

Summary

An issue was discovered on Samsung mobile devices with any (before September 2019 for SMP1300 Exynos modem chipsets) software. Attackers can trigger stack corruption in the Shannon modem via a crafted RP-Originator/Destination address. The Samsung ID is SVE-2019-14858 (September 2019).

References

https://security.samsungmobile.com/securityUpdate.smsb

Vulnerable Configurations

cpe:2.3:h:samsung:exynos_smp1300:-:*:*:*:*:*:*:*
cpe:2.3:h:samsung:exynos_smp1300:-:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

confirm

https://security.samsungmobile.com/securityUpdate.smsb

Last major update

24-08-2020 - 17:37

Published

24-03-2020 - 19:15

Last modified

24-08-2020 - 17:37