Input Parameter Flaw in Vivo ABE Service
CVE-2020-12487

7HIGH

Key Information:

Vendor: Vivo
Status: Abe
Vendor: CVE Published:; 17 December 2024

What is CVE-2020-12487?

CVE-2020-12487 represents a significant security vulnerability within the ABE service developed by Vivo. This flaw stems from inadequate input parameter validation, allowing an attacker to craft and submit malicious commands. When these inputs are improperly verified, it may lead to the execution of arbitrary commands with root privileges, potentially compromising the integrity and security of the affected systems. It is critical for users of the ABE service to assess their exposure and apply mitigations as provided in the security advisory.

Affected Version(s)

ABE Versions earlier than 4.4.0.9

References

https://www.vivo.com/en/support/security-advisory-detail?...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 17, 2024
Vulnerability Reserved
Apr 30, 2020