CVE-2020-12860

Severity CVSS v4.0:
Pending analysis
Type:
CWE-269 Improper Privilege Management
Publication date:
18/05/2020
Last modified:
21/07/2021

Description

COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information because a BLE device can have four roles and COVIDSafe uses all of them. This allows for re-identification of a device, and potentially identification of the owner's name.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:health:covidsafe:*:*:*:*:*:android:*:* 1.0.17 (including)
cpe:2.3:a:health:covidsafe:-:*:*:*:*:iphone_os:*:*