CVE-2020-9530
Last modified
CVE-2020-9530 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. The export component of GetApps(com.xiaomi.mipicks) mishandles the functionality of opening other components. EPSS estimates a 1.48% chance of exploitation in the next 30 days.
Description
An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. The export component of GetApps(com.xiaomi.mipicks) mishandles the functionality of opening other components. Attackers need to induce users to open specific web pages in a specific network environment. By jumping to the WebView component of Messaging(com.android.MMS) and loading malicious web pages, information leakage can occur. This is fixed on version: 2001122; 11.0.1.54.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mi | Miui Firmware | 11.0.5.0.qfaeuxm |
References
- https://sec.xiaomi.com/post/180Vendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-20-289/Third Party Advisory, VDB Entry
- https://sec.xiaomi.com/post/180Vendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-20-289/Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-9530?
How severe is CVE-2020-9530?
How do I fix CVE-2020-9530?
Are you affected by CVE-2020-9530?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST