{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2020-14129", "assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909", "assignerShortName": "Xiaomi", "dateUpdated": "2024-08-04T12:39:36.494Z", "dateReserved": "2020-06-15T00:00:00.000Z", "datePublished": "2022-10-11T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909", "shortName": "Xiaomi", "dateUpdated": "2022-10-11T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "A logic vulnerability exists in a Xiaomi product. The vulnerability is caused by an identity verification failure, which can be exploited by an attacker who can obtain a brief elevation of privilege."}], "affected": [{"vendor": "n/a", "product": "Xiaomi a certain APP", "versions": [{"version": "Affected Version:3.4.5.18 Fixed Version:3.4.5.24", "status": "affected"}]}], "references": [{"url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=155"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Vulnerability logic vulnerability"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:39:36.494Z"}, "title": "CVE Program Container", "references": [{"url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=155", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mi:xiaomi:-:*:*:*:*:*:*:*", "matchCriteriaId": "7F9C6762-9C78-47DC-9306-59762DE70629", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A logic vulnerability exists in a Xiaomi product. The vulnerability is caused by an identity verification failure, which can be exploited by an attacker who can obtain a brief elevation of privilege."}, {"lang": "es", "value": "Se presenta una vulnerabilidad l\u00f3gica en un producto de Xiaomi. La vulnerabilidad est\u00e1 causada por un fallo de verificaci\u00f3n de identidad, que puede ser explotado por un atacante que puede obtener una breve elevaci\u00f3n de privilegios"}], "id": "CVE-2020-14129", "lastModified": "2024-11-21T05:02:43.457", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-11T20:15:10.267", "references": [{"source": "security@xiaomi.com", "tags": ["Vendor Advisory"], "url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=155"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=155"}], "sourceIdentifier": "security@xiaomi.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}