Vulnerability Name:

CVE-2020-13841 (CCN-183010)

Assigned:2020-06-04
Published:2020-06-04
Updated:2021-07-21
Summary:An issue was discovered on LG mobile devices with Android OS 9 and 10 (MTK chipsets). An AT command handler allows attackers to bypass intended access restrictions. The LG ID is LVE-SMP-200009 (June 2020).
CVSS v3 Severity:9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
5.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:C/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Complete
Availibility (A): None
Vulnerability Type:CWE-269
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2020-13841

Source: XF
Type: UNKNOWN
lg-cve202013841-sec-bypass(183010)

Source: CCN
Type: LG Security Web site
LG Mobile Security Maintenance Releases

Source: CONFIRM
Type: Vendor Advisory
https://lgsecurity.lge.com/

Vulnerable Configuration:Configuration 1:
  • cpe:/o:google:android:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:10.0:*:*:*:*:*:*:*
  • AND
  • cpe:/h:lg:cv1:-:*:*:*:*:*:*:*
  • OR cpe:/h:lg:cv1s:-:*:*:*:*:*:*:*
  • OR cpe:/h:lg:cv3:-:*:*:*:*:*:*:*
  • OR cpe:/h:lg:cv5:-:*:*:*:*:*:*:*
  • OR cpe:/h:lg:cv7:-:*:*:*:*:*:*:*
  • OR cpe:/h:lg:cv7as:-:*:*:*:*:*:*:*
  • OR cpe:/h:lg:dh10:-:*:*:*:*:*:*:*
  • OR cpe:/h:lg:dh15:-:*:*:*:*:*:*:*
  • OR cpe:/h:lg:dh30:-:*:*:*:*:*:*:*
  • OR cpe:/h:lg:dh35:-:*:*:*:*:*:*:*
  • OR cpe:/h:lg:dh40:-:*:*:*:*:*:*:*
  • OR cpe:/h:lg:q6:-:*:*:*:*:*:*:*
  • OR cpe:/h:lg:q8:-:*:*:*:*:*:*:*
  • OR cpe:/h:lg:x300:-:*:*:*:*:*:*:*
  • OR cpe:/h:lg:x400:-:*:*:*:*:*:*:*
  • OR cpe:/h:lg:x500:-:*:*:*:*:*:*:*
  • OR cpe:/h:lg:v30:-:*:*:*:*:*:*:*
  • OR cpe:/h:lg:v20:-:*:*:*:*:*:*:*
  • OR cpe:/h:lg:g6:-:*:*:*:*:*:*:*
  • OR cpe:/h:lg:g7:-:*:*:*:*:*:*:*
  • OR cpe:/h:lg:v40:-:*:*:*:*:*:*:*
  • OR cpe:/h:lg:g8:-:*:*:*:*:*:*:*
  • OR cpe:/h:lg:v35:-:*:*:*:*:*:*:*
  • OR cpe:/h:lg:v50:-:*:*:*:*:*:*:*
  • OR cpe:/h:lg:v60:-:*:*:*:*:*:*:*
  • OR cpe:/h:lg:k20:-:*:*:*:*:*:*:*
  • OR cpe:/h:lg:k30:-:*:*:*:*:*:*:*
  • OR cpe:/h:lg:k40:-:*:*:*:*:*:*:*
  • OR cpe:/h:lg:k50:-:*:*:*:*:*:*:*
  • OR cpe:/h:lg:q60:-:*:*:*:*:*:*:*
  • OR cpe:/h:lg:q70:-:*:*:*:*:*:*:*
  • OR cpe:/h:lg:dh5:-:*:*:*:*:*:*:*
  • OR cpe:/h:lg:dh50:-:*:*:*:*:*:*:*
  • OR cpe:/h:lg:x_cam:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    google android 9.0
    google android 10.0
    lg cv1 -
    lg cv1s -
    lg cv3 -
    lg cv5 -
    lg cv7 -
    lg cv7as -
    lg dh10 -
    lg dh15 -
    lg dh30 -
    lg dh35 -
    lg dh40 -
    lg q6 -
    lg q8 -
    lg x300 -
    lg x400 -
    lg x500 -
    lg v30 -
    lg v20 -
    lg g6 -
    lg g7 -
    lg v40 -
    lg g8 -
    lg v35 -
    lg v50 -
    lg v60 -
    lg k20 -
    lg k30 -
    lg k40 -
    lg k50 -
    lg q60 -
    lg q70 -
    lg dh5 -
    lg dh50 -
    lg x cam -