Published: 30/09/2020 Updated: 22/10/2020

CVSS v2 Base Score: 3.3 | Impact Score: 4.9 | Exploitability Score: 3.4

CVSS v3 Base Score: 5.7 | Impact Score: 5.2 | Exploitability Score: 0.5

VMScore: 294

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N

An issue exists in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-09-29, as used in COVID-19 applications on Android and iOS. It allows a user to be put in a position where he or she can be coerced into proving or disproving an exposure notification, because of the persistent state of a private framework.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple exposure notifications
google exposure notifications

It appears that the corona virus Exposure Notifications API for iOS and Android may have a data leakage issue ...

NVD-CWE-noinfo https://github.com/minvws/nl-covid19-notification-app-coordination/blob/master/CVEs/CVE-2020-24721.txt https://blog.google/inside-google/company-announcements/update-exposure-notifications https://seclists.org/fulldisclosure/2020/Sep/53 http://packetstormsecurity.com/files/159419/Corona-Exposure-Notifications-API-Data-Leakage.html https://nvd.nist.gov https://packetstormsecurity.com/files/159419/Corona-Exposure-Notifications-API-Data-Leakage.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-24721

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect