CVE-2020-0403

MEDIUM Year: 2020
CVSS v3 Score
6.7
Medium
CVSS v2 Score
7.2
High
Weakness Type
CWE-269
View all →

Vulnerability Description

In the FPC TrustZone fingerprint App, there is a possible invalid command handler due to an exposed test feature. This could lead to local escalation of privilege in the TEE, with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-131252923

Related Vulnerabilities

CVE-2011-2910

MEDIUM
CVSS:6.7(Medium)

The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would c...

CWE-2692011

CVE-2017-14329

MEDIUM
CVSS:6.7(Medium)

Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell.

CWE-2692017

CVE-2017-14330

MEDIUM
CVSS:6.7(Medium)

Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving a privileged process.

CWE-2692017

CVE-2017-14380

MEDIUM
CVSS:6.7(Medium)

In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_g...

CWE-2692017

CVE-2017-6152

MEDIUM
CVSS:6.7(Medium)

A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 with the Access Manager role has privileges to change the passwords of other users on the system, including the local admin account passwor...

CWE-2692017

CVE-2017-6732

MEDIUM
CVSS:6.7(Medium)

A vulnerability in the installation procedure for Cisco Prime Network Software could allow an authenticated, local attacker to elevate their privileges to root privileges. More Information: CSCvd47343...

CWE-2692017