CVE-2020-22475

"Tasks" application version before 9.7.3 is affected by insecure permissions. The VoiceCommandActivity application component allows arbitrary applications on a device to add tasks with no restrictions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
VendorProductVersion
taskstasks
𝑥
< 9.7.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://lyhinslab.org/index.php/2020/07/18/how-the-white-box-hacking-works-ok-google-i-wanna-pwn-this-app/
https://www.exploit-db.com/exploits/49563
https://lyhinslab.org/index.php/2020/07/18/how-the-white-box-hacking-works-ok-google-i-wanna-pwn-this-app/
https://www.exploit-db.com/exploits/49563