CVE-2020-12717
Last modified
CVE-2020-12717 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing manufacturer data that is too short. This occurs because of an erroneous OpenTrace manuData.subdata call. EPSS estimates a 1.39% chance of exploitation in the next 30 days.
Description
The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing manufacturer data that is too short. This occurs because of an erroneous OpenTrace manuData.subdata call. The ABTraceTogether (Alberta), ProteGO (Poland), and TraceTogether (Singapore) apps were also affected.
Metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Alberta | Abtracetogether | All versions |
| Gov | Protego Safe | All versions |
| Health | Covidsafe | 1.0 |
| Health | Covidsafe | 1.1 |
| Tracetogether | Tracetogether | All versions |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-12717?
How severe is CVE-2020-12717?
How do I fix CVE-2020-12717?
Are you affected by CVE-2020-12717?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST