Vulnerability CVE-2020-12717


Published: 2020-05-14

Description:
The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing manufacturer data that is too short. This occurs because of an erroneous OpenTrace manuData.subdata call. The ABTraceTogether (Alberta), ProteGO (Poland), and TraceTogether (Singapore) apps were also affected.

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:A/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.3/10
2.9/10
6.5/10
Exploit range
Attack complexity
Authentication
Adjacent network
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Tracetogether -> Tracetogether 
Health -> Covidsafe 
GOV -> Protego safe 
Alberta -> Abtracetogether 

 References:
https://medium.com/@wabz/covidsafe-ios-vulnerability-cve-2020-12717-30dc003f9708

Copyright 2021, cxsecurity.com

 

Back to Top