nvd-json-data-feeds/CVE-2019/CVE-2019-207xx/CVE-2019-20780.json

{
  "id": "CVE-2019-20780",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2020-04-17T14:15:16.647",
  "lastModified": "2021-07-21T11:39:23.747",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. Certain security settings, related to whether packages are verified and accepted only from known sources, are mishandled. The LG ID is LVE-SMP-190002 (April 2019)."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3  un problema en los dispositivos m\u00f3viles de LG con el software del Sistema Operativo Android versiones 7.0, 7.1, 7.2, 8.0 y 8.1. Determinadas configuraciones de seguridad, relacionadas con si los paquetes son comprobados y aceptados s\u00f3lo de fuentes conocidas, son manejadas inapropiadamente. El ID de LG es LVE-SMP-190002 (Abril 2019)."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-427"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:google:android:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBCA7605-6348-400D-9844-97E0144C2BF5"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:google:android:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "374CEEA9-3B03-4F6F-BF3E-2393E72BF2A7"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B578E383-0D77-4AC7-9C81-3F0B8C18E033"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://lgsecurity.lge.com/",
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}