CVE-2020-5571 : SHARP AQUOS series (AQUOS SH-M02 build number 01.00.05 and earlier, AQUOS SH-RM0

SHARP AQUOS series (AQUOS SH-M02 build number 01.00.05 and earlier, AQUOS SH-RM02 build number 01.00.04 and earlier, AQUOS mini SH-M03 build number 01.00.04 and earlier, AQUOS Keitai SH-N01 build number 01.00.01 and earlier, AQUOS L2 (UQ mobile/J:COM) build number 01.00.05 and earlier, AQUOS sense lite SH-M05 build number 03.00.04 and earlier, AQUOS sense (UQ mobile) build number 03.00.03 and earlier, AQUOS compact SH-M06 build number 02.00.02 and earlier, AQUOS sense plus SH-M07 build number 02.00.02 and earlier, AQUOS sense2 SH-M08 build number 02.00.05 and earlier, and AQUOS sense2 (UQ mobile) build number 02.00.06 and earlier) allow an attacker to obtain the sensitive information of the device via malicious applications installed on the device.

Published 2020-04-23 08:15:12

Updated 2020-04-30 19:48:51

Source JPCERT/CC

View at NVD, CVE.org

Vulnerability category: Information leak

Products affected by CVE-2020-5571

Sharp » Aquos Sh-m02 Firmware
Versions up to, including, (<=) 01.00.05
cpe:2.3:o:sharp:aquos_sh-m02_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Sharp » Aquos Sh-m02 » Version: N/A
Sharp » Aquos Sh-rm02 Firmware
Versions up to, including, (<=) 01.00.04
cpe:2.3:o:sharp:aquos_sh-rm02_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Sharp » Aquos Sh-rm02 » Version: N/A
Sharp » Aquos Mini Sh-m03 Firmware
Versions up to, including, (<=) 01.00.04
cpe:2.3:o:sharp:aquos_mini_sh-m03_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Sharp » Aquos Mini Sh-m03 » Version: N/A
Sharp » Aquos Mini Sh-m03 Firmware
Versions up to, including, (<=) 01.00.01
cpe:2.3:o:sharp:aquos_mini_sh-m03_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Sharp » Aquos Mini Sh-m03 » Version: N/A
Sharp » Aquos L2 Firmware
Versions up to, including, (<=) 01.00.05
cpe:2.3:o:sharp:aquos_l2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Sharp » Aquos L2 » Version: N/A
Sharp » Aquos Sense Lite Sh-m05 Firmware
Versions up to, including, (<=) 03.00.04
cpe:2.3:o:sharp:aquos_sense_lite_sh-m05_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Sharp » Aquos Sense Lite Sh-m05 » Version: N/A
Sharp » Aquos Sense Firmware
Versions up to, including, (<=) 03.00.03
cpe:2.3:o:sharp:aquos_sense_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Sharp » Aquos Sense » Version: N/A
Sharp » Aquos Compact Sh-m06 Firmware
Versions up to, including, (<=) 02.00.02
cpe:2.3:o:sharp:aquos_compact_sh-m06_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Sharp » Aquos Compact Sh-m06 » Version: N/A
Sharp » Aquos Sense Plus Sh-m07 Firmware
Versions up to, including, (<=) 0.2.00.02
cpe:2.3:o:sharp:aquos_sense_plus_sh-m07_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Sharp » Aquos Sense Plus Sh-m07 » Version: N/A
Sharp » Aquos Sense2 Sh-m08 Firmware
Versions up to, including, (<=) 02.00.05
cpe:2.3:o:sharp:aquos_sense2_sh-m08_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Sharp » Aquos Sense2 Sh-m08 » Version: N/A
Sharp » Aquos Sense2 Firmware
Versions up to, including, (<=) 02.00.06
cpe:2.3:o:sharp:aquos_sense2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Sharp » Aquos Sense2 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2020-5571

EPSS FAQ

0.32%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 52 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-5571

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2020-5571

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-5571

https://k-tai.sharp.co.jp/support/info/info036.html

お知らせ｜よくあるご質問｜AQUOS：シャープ
Third Party Advisory
https://jvn.jp/en/jp/JVN93064451/index.html

JVN#93064451: Multiple SHARP Android devices vulnerable to information disclosure
Third Party Advisory

Jump to

Vulnerability Details : CVE-2020-5571

Products affected by CVE-2020-5571

Exploit prediction scoring system (EPSS) score for CVE-2020-5571

CVSS scores for CVE-2020-5571

CWE ids for CVE-2020-5571

References for CVE-2020-5571