CVE-2020-12858

High

Non-reinitialisation of random data in the advertising payload in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to re-identify…

mitre·CWE-330·Published 2020-05-18

CVSS

7.5

EPSS

0.02

KEV

Exploits

cve.orgen

212 chars

Non-reinitialisation of random data in the advertising payload in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to re-identify Android devices running COVIDSafe by scanning for their advertising beacons.

NVDen

212 chars

NVDes

262 chars

Una no reinicialización de los datos aleatorios en una carga útil de publicidad en COVIDSafe versiones v1.0.15 y v1.0.16, permite a un atacante remoto volver a identificar los dispositivos Android que ejecutan COVIDSafe al escanear sus indicadores publicitarios.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N