How severe is CVE-2020-0989?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2020-0989?

This is classified as CWE-862, which is a common weakness in software security.

CVE-2020-0989

MEDIUM Year: 2020

CVSS v3 Score

5.5

Medium

CVSS v2 Score

2.1

Low

Weakness Type

CWE-862

View all →

Vulnerability Description

An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to read files. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and access files. The security update addresses the vulnerability by correcting the how Windows MDM Diagnostics handles files.

CVE-2017-6693

MEDIUM

CVSS:5.5(Medium)

A vulnerability in the ConfD server component of Cisco Elastic Services Controllers could allow an authenticated, local attacker to access information stored in the file system of an affected system, ...

CWE-8622017

CVE-2018-14997

MEDIUM

CVSS:5.5(Medium)

The Leagoo P1 Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains the android framework (i.e., system_server) with a package...

CWE-8622018

CVE-2018-9406

MEDIUM

CVSS:5.5(Medium)

In NlpService, there is a possible way to obtain location information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed...

CWE-8622018

CVE-2018-9457

MEDIUM

CVSS:5.5(Medium)

In onCheckedChanged of BluetoothPairingController.java, there is a possible way to retrieve contact information due to a permissions bypass. This could lead to local information disclosure with no add...

CWE-8622018

CVE-2018-9548

MEDIUM

CVSS:5.5(Medium)

In multiple functions of ContentProvider.java, there is a possible permission bypass due to a missing URI validation. This could lead to local information disclosure with no additional execution privi...

CWE-8622018

CVE-2019-15386

MEDIUM

CVSS:5.5(Medium)

The Lava Z60s Android device with a build fingerprint of LAVA/Z60s/Z60s:8.1.0/O11019/1530331229:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (version...

CWE-8622019

CVE-2020-0989

Vulnerability Description

Related Vulnerabilities

CVE-2017-6693

CVE-2018-14997

CVE-2018-9406

CVE-2018-9457

CVE-2018-9548

CVE-2019-15386