CVE-2020-15165 Vulnerability Details

  /     /     /  

CVE-2020-15165 Metadata Quick Info

CVE Published: 28/08/2020 | CVE Updated: 04/08/2024 | CVE Year: 2020
Source: GitHub_M | Vendor: maxieds | Product: ChameleonMiniLiveDebugger
Status : PUBLISHED

---

CVE-2020-15165 Description

Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Store may have had it\'s sources or permissions tampered by a malicious actor. The official maintainer of the package is recommending all users upgrade to v1.1.8 as soon as possible. For more information, review the referenced GitHub Security Advisory.

Metrics

CVSS Version: 3.1 | Base Score: 9.3 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* REQUIRED
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-506
CWE Name: CWE-506: Embedded Malicious Code
Source: maxieds

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).