CVE-2020-36248 — LOW (3.9) — White Hats Nepal

Q: How severe is CVE-2020-36248?

CVE-2020-36248 has been rated LOW with a CVSS base score of 3.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-36248?

Check the references section above for vendor advisories and patch information. Affected products include: Owncloud Owncloud Client.

Vulnerability Description

The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive.

CVSS Score

3.9

LOW

CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Owncloud	Owncloud Client	< 2.15

Related Weaknesses (CWE)

CWE-312

References

https://owncloud.com/security-advisories/bypassing-app-lock-pattern-passcode-finVendor Advisory
https://owncloud.com/security-advisories/bypassing-app-lock-pattern-passcode-finVendor Advisory

FAQ

What is CVE-2020-36248?

CVE-2020-36248 is a vulnerability with a CVSS score of 3.9 (LOW). The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this...

How severe is CVE-2020-36248?

CVE-2020-36248 has been rated LOW with a CVSS base score of 3.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-36248?

Check the references section above for vendor advisories and patch information. Affected products include: Owncloud Owncloud Client.