>

>

Security Advisory

>

Details

Security Advisory | Command Execution Vulnerability in ABE Service

Original release date: 2021-03-24

CVE ID

CVE-2020-12487

CVSS 3.1 Base Score

7.0 High （AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N）

Description

Due to the flaws in the verification of input parameters, the attacker can input carefully constructed commands to make the ABE service execute some commands with root privilege.

Software Versions and Fixes

Software Affected Version Fixed Version
ABE service Versions earlier than 4.4.0.9 Upgrade to 4.4.0.9 or later

Temporary Fix

NA

Obtaining Fixed Software

The vulnerability can be fixed by performing system updates.

Source

weiwei,caimo

Update Records

2021-3-24 V1.0 INITIAL

FAQs

NA

vivo Security Procedures

vivo is committed to providing users with best cyber security products and services, and follows the industrial best practice to handle and publish vunerability information.
To report a security vulnerability in vivo products and solutions, please send it to security@vivo.com.
For details, please visit Security Advisory.