CVE-2020-13626

OnePlus App Locker through 2020-10-06 allows physically proximate attackers to use Google Assistant to bypass an authorization check in order to send an SMS message when the SMS application is locked.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.6 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
VendorProductVersion
oneplusapp_locker
𝑥
≤ 2020-10-06
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://medium.com/%40bugsbunnyy1107/the-tell-tale-of-cve-in-oneplus-phones-91e97342a8b5
https://support.oneplus.com/app/answers/detail/a_id/301/~/how-to-use-app-locker
https://medium.com/%40bugsbunnyy1107/the-tell-tale-of-cve-in-oneplus-phones-91e97342a8b5
https://support.oneplus.com/app/answers/detail/a_id/301/~/how-to-use-app-locker