Vulnerability Details : CVE-2020-20094
Instagram iOS 106.0 and prior and Android 107.0.0.11 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages
Products affected by CVE-2020-20094
- cpe:2.3:a:facebook:instagram:*:*:*:*:*:android:*:*
- cpe:2.3:a:facebook:instagram:*:*:*:*:*:iphone_os:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-20094
0.23%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 61 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-20094
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
2.8
|
3.6
|
NIST |
References for CVE-2020-20094
-
http://packetstormsecurity.com/files/166448/RTLO-Injection-URI-Spoofing.html
RTLO Injection URI Spoofing ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
https://github.com/zadewg/RIUS
GitHub - zadewg/RIUS: RTLO Injection URI SpoofingExploit;Third Party Advisory
Jump to