CVE-2020-12717

EPSS 2.2%
Published 14.05.2020 05:15:10
Last modified 21.11.2024 05:00:08
Source cve@mitre.org
Teams watchlist Login
Open Login

The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing manufacturer data that is too short. This occurs because of an erroneous OpenTrace manuData.subdata call. The ABTraceTogether (Alberta), ProteGO (Poland), and TraceTogether (Singapore) apps were also affected.

Affected products Warnungen 0 Metrics 3 CWE 0 References 4

Data is provided by the National Vulnerability Database (NVD)

Alberta ≫ Abtracetogether Version- SwPlatformiphone_os

Gov ≫ Protego Safe Version- SwPlatformiphone_os

Health ≫ Covidsafe Version1.0 SwPlatformiphone_os

Health ≫ Covidsafe Version1.1 SwPlatformiphone_os

Tracetogether ≫ Tracetogether Version- SwPlatformiphone_os

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.2%	0.829

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	3.3	6.5	2.9	AV:A/AC:L/Au:N/C:N/I:N/A:P

https://medium.com/%40wabz/covidsafe-ios-vulnerability-cve-2020-12717-30dc003f9708

https://nvd.nist.gov/vuln/detail/CVE-2020-12717

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-12717

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-12717

EUVD