CVE-2020-14105 - Vulnerability Details

Vendors	Products
Mi	Mi 10 Miui

Link	Providers
https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=28&locale=zh

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Xiaomi 10", "vendor": "n/a", "versions": [{"status": "affected", "version": "Xiaomi 10 MIUI system < 2020.01.15"}]}], "descriptions": [{"lang": "en", "value": "The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15."}], "problemTypes": [{"descriptions": [{"description": "Information disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-04-20T15:49:21", "orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909", "shortName": "Xiaomi"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=28&locale=zh"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@xiaomi.com", "ID": "CVE-2020-14105", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Xiaomi 10", "version": {"version_data": [{"version_value": "Xiaomi 10 MIUI system < 2020.01.15"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information disclosure"}]}]}, "references": {"reference_data": [{"name": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=28&locale=zh", "refsource": "CONFIRM", "url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=28&locale=zh"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:39:35.975Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=28&locale=zh"}]}]}, "cveMetadata": {"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909", "assignerShortName": "Xiaomi", "cveId": "CVE-2020-14105", "datePublished": "2021-04-20T15:49:21", "dateReserved": "2020-06-15T00:00:00", "dateUpdated": "2024-08-04T12:39:35.975Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Xiaomi 10 (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : Xiaomi 10 MIUI system < 2020.01.15 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Information disclosure (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2021-04-20T15:49:21 (string)

orgId : b57733aa-7326-4f07-8e09-0be8e0df1909 (string)

shortName : Xiaomi (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=28&locale=zh (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security@xiaomi.com (string)

ID : CVE-2020-14105 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Xiaomi 10 (string)

version : { »

version_data : [ »

0 : { »

version_value : Xiaomi 10 MIUI system < 2020.01.15 (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Information disclosure (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=28&locale=zh (string)

refsource : CONFIRM (string)

url : https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=28&locale=zh (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T12:39:35.975Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=28&locale=zh (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : b57733aa-7326-4f07-8e09-0be8e0df1909 (string)

assignerShortName : Xiaomi (string)

cveId : CVE-2020-14105 (string)

datePublished : 2021-04-20T15:49:21 (string)

dateReserved : 2020-06-15T00:00:00 (string)

dateUpdated : 2024-08-04T12:39:35.975Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mi:miui:*:*:*:*:*:*:*:*", "matchCriteriaId": "F9EAA862-FCFF-4CA1-9510-EFBEDC68DDD7", "versionEndExcluding": "2020.01.15", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mi:mi_10:-:*:*:*:*:*:*:*", "matchCriteriaId": "9A593CB2-EAEB-4C4E-BF3B-67ADC3B8917A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15."}, {"lang": "es", "value": "La aplicaci\u00f3n en el tel\u00e9fono m\u00f3vil puede leer la informaci\u00f3n SNO del dispositivo, Xiaomi 10 MIUI versiones anteriores a 2020.01.15"}], "id": "CVE-2020-14105", "lastModified": "2024-11-21T05:02:39.537", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-20T16:15:10.120", "references": [{"source": "security@xiaomi.com", "tags": ["Vendor Advisory"], "url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=28&locale=zh"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=28&locale=zh"}], "sourceIdentifier": "security@xiaomi.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:mi:miui:*:*:*:*:*:*:*:* (string)

matchCriteriaId : F9EAA862-FCFF-4CA1-9510-EFBEDC68DDD7 (string)

versionEndExcluding : 2020.01.15 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:mi:mi_10:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 9A593CB2-EAEB-4C4E-BF3B-67ADC3B8917A (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15. (string)

}

1 : { »

lang : es (string)

value : La aplicación en el teléfono móvil puede leer la información SNO del dispositivo, Xiaomi 10 MIUI versiones anteriores a 2020.01.15 (string)

}

]

id : CVE-2020-14105 (string)

lastModified : 2024-11-21T05:02:39.537 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : LOW (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 2.1 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:L/AC:L/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : NONE (string)

baseScore : 5.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2021-04-20T16:15:10.120 (string)

references : [ »

0 : { »

source : security@xiaomi.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=28&locale=zh (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=28&locale=zh (string)

}

]

sourceIdentifier : security@xiaomi.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-noinfo (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object