CVE-2020-11836 — MEDIUM (5.5)

Vulnerability Description

OPPO Android Phone with MTK chipset and Android 8.1/9/10/11 versions have an information leak vulnerability. The “adb shell getprop ro.vendor.aee.enforcing” or “adb shell getprop ro.vendor.aee.enforcing” return no.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Google	Android	8.1
Oppo	A12	-
Oppo	A15	-
Oppo	A15S	-
Oppo	A31	-
Oppo	A33	-
Oppo	A5	-
Oppo	A52	-
Oppo	A53	-
Oppo	A9	-
Oppo	F15	-
Oppo	F17	-
Oppo	F17 Pro	-
Oppo	Reno 2	-
Oppo	Reno 2F	-
Oppo	Reno 2Z	-
Oppo	Reno 3 Pro	-
Oppo	Reno 4 Pro	-
Oppo	Reno 5 Pro 5G	-

References

https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-135721388844961Vendor Advisory
https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-135721388844961Vendor Advisory

FAQ

What is CVE-2020-11836?

CVE-2020-11836 is a vulnerability with a CVSS score of 5.5 (MEDIUM). OPPO Android Phone with MTK chipset and Android 8.1/9/10/11 versions have an information leak vulnerability. The “adb shell getprop ro.vendor.aee.enforcing” or “adb shell getprop ro.vendor.aee.enforci...

How severe is CVE-2020-11836?

CVE-2020-11836 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-11836?

Check the references section above for vendor advisories and patch information. Affected products include: Google Android, Oppo A12, Oppo A15, Oppo A15S, Oppo A31.