CVE-2020-12487 HIGH

CVE-2020-12487: Command Execution Vulnerability in ABE service

Vendor Vivo
Product ABE
Weakness CWE-20 · Input validation
Published December 17, 2024
Last update December 17, 2024

CVSS base score

7.0/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

Due to the flaws in the verification of input parameters, the attacker can input carefully constructed commands to make the ABE service execute some commands with root privilege.

Key dates

02Disclosure timeline

December 17, 2024 CVE published
December 17, 2024 Record updated