Back

CVE-2024-20080

July 1, 2024, 12:37 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

UNKNOWN

Source

security@mediatek.com

Tags

CWE-295
security@mediatek.com
2024-07-01
CVE-2024-20080

CVE-2024-20080 details

Published : July 1, 2024, 5:15 a.m.
Last Modified : July 1, 2024, 12:37 p.m.

Description

In gnss service, there is a possible escalation of privilege due to improper certificate validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08720039; Issue ID: MSV-1424.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description
CWE-295 Improper Certificate Validation The product does not validate, or incorrectly validates, a certificate.

References

URL Source
https://corp.mediatek.com/product-security-bulletin/July-2024 security@mediatek.com
This website uses the NVD API, but is not approved or certified by it.