cvelistv5 - cve-2020-14117

CVE-2020-14117 (GCVE-0-2020-14117)

Vulnerability from cvelistv5 – Published: 2022-04-21 17:40 – Updated: 2024-08-04 12:39

Summary

A improper permission configuration vulnerability in Xiaomi Content Center APP. This vulnerability is caused by the lack of correct permission verification in the Xiaomi content center APP, and attackers can use this vulnerability to invoke the sensitive component functions of the Xiaomi content center APP.

Severity ?

No CVSS data available.

CWE

Improper permission configuration

Assigner

Xiaomi

References

URL

Tags

https://trust.mi.com/zh-CN/misrc/bulletins/adviso…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Xiaomi Content Center APP	Affected: Xiaomi Content Center APP version < 4.4.11

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:39:35.724Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=143"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Xiaomi Content Center APP",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Xiaomi Content Center APP version \u003c 4.4.11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A improper permission configuration vulnerability in Xiaomi Content Center APP. This vulnerability is caused by the lack of correct permission verification in the Xiaomi content center APP, and attackers can use this vulnerability to invoke the sensitive component functions of the Xiaomi content center APP."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper permission configuration",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-21T17:40:02",
        "orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
        "shortName": "Xiaomi"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=143"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@xiaomi.com",
          "ID": "CVE-2020-14117",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Xiaomi Content Center APP",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Xiaomi Content Center APP version \u003c 4.4.11"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A improper permission configuration vulnerability in Xiaomi Content Center APP. This vulnerability is caused by the lack of correct permission verification in the Xiaomi content center APP, and attackers can use this vulnerability to invoke the sensitive component functions of the Xiaomi content center APP."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper permission configuration"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=143",
              "refsource": "MISC",
              "url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=143"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
    "assignerShortName": "Xiaomi",
    "cveId": "CVE-2020-14117",
    "datePublished": "2022-04-21T17:40:02",
    "dateReserved": "2020-06-15T00:00:00",
    "dateUpdated": "2024-08-04T12:39:35.724Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mi:content_center:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.4.11\", \"matchCriteriaId\": \"85282E89-1AD7-4BC3-AE7E-0A74F3524E41\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A improper permission configuration vulnerability in Xiaomi Content Center APP. This vulnerability is caused by the lack of correct permission verification in the Xiaomi content center APP, and attackers can use this vulnerability to invoke the sensitive component functions of the Xiaomi content center APP.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de configuraci\\u00f3n de permisos inapropiada en la APP Xiaomi Content Center. Esta vulnerabilidad es causada por una falta de verificaci\\u00f3n correcta de permisos en la APP del centro de contenido de Xiaomi, y los atacantes pueden usar esta vulnerabilidad para invocar las funciones de componentes confidenciales de la APP del centro de contenido de Xiaomi\"}]",
      "id": "CVE-2020-14117",
      "lastModified": "2024-11-21T05:02:41.373",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2022-04-21T18:15:08.490",
      "references": "[{\"url\": \"https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=143\", \"source\": \"security@xiaomi.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=143\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@xiaomi.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-14117\",\"sourceIdentifier\":\"security@xiaomi.com\",\"published\":\"2022-04-21T18:15:08.490\",\"lastModified\":\"2024-11-21T05:02:41.373\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A improper permission configuration vulnerability in Xiaomi Content Center APP. This vulnerability is caused by the lack of correct permission verification in the Xiaomi content center APP, and attackers can use this vulnerability to invoke the sensitive component functions of the Xiaomi content center APP.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de configuraci\u00f3n de permisos inapropiada en la APP Xiaomi Content Center. Esta vulnerabilidad es causada por una falta de verificaci\u00f3n correcta de permisos en la APP del centro de contenido de Xiaomi, y los atacantes pueden usar esta vulnerabilidad para invocar las funciones de componentes confidenciales de la APP del centro de contenido de Xiaomi\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mi:content_center:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.4.11\",\"matchCriteriaId\":\"85282E89-1AD7-4BC3-AE7E-0A74F3524E41\"}]}]}],\"references\":[{\"url\":\"https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=143\",\"source\":\"security@xiaomi.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=143\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GHSA-VH3X-QHH3-9FRG

Vulnerability from github – Published: 2022-04-22 00:00 – Updated: 2022-05-03 00:00

Details

Severity ?

5.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-14117"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-21T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A improper permission configuration vulnerability in Xiaomi Content Center APP. This vulnerability is caused by the lack of correct permission verification in the Xiaomi content center APP, and attackers can use this vulnerability to invoke the sensitive component functions of the Xiaomi content center APP.",
  "id": "GHSA-vh3x-qhh3-9frg",
  "modified": "2022-05-03T00:00:53Z",
  "published": "2022-04-22T00:00:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14117"
    },
    {
      "type": "WEB",
      "url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=143"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2020-14117

Vulnerability from fkie_nvd - Published: 2022-04-21 18:15 - Updated: 2024-11-21 05:02

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

References

	URL	Tags
	security@xiaomi.com	https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=143	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=143	Vendor Advisory

Impacted products

	Vendor	Product	Version
	mi	content_center	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mi:content_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "85282E89-1AD7-4BC3-AE7E-0A74F3524E41",
              "versionEndExcluding": "4.4.11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A improper permission configuration vulnerability in Xiaomi Content Center APP. This vulnerability is caused by the lack of correct permission verification in the Xiaomi content center APP, and attackers can use this vulnerability to invoke the sensitive component functions of the Xiaomi content center APP."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de configuraci\u00f3n de permisos inapropiada en la APP Xiaomi Content Center. Esta vulnerabilidad es causada por una falta de verificaci\u00f3n correcta de permisos en la APP del centro de contenido de Xiaomi, y los atacantes pueden usar esta vulnerabilidad para invocar las funciones de componentes confidenciales de la APP del centro de contenido de Xiaomi"
    }
  ],
  "id": "CVE-2020-14117",
  "lastModified": "2024-11-21T05:02:41.373",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-04-21T18:15:08.490",
  "references": [
    {
      "source": "security@xiaomi.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=143"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=143"
    }
  ],
  "sourceIdentifier": "security@xiaomi.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2020-14117

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2020-14117

Aliases

CVE-2020-14117

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-14117",
    "description": "A improper permission configuration vulnerability in Xiaomi Content Center APP. This vulnerability is caused by the lack of correct permission verification in the Xiaomi content center APP, and attackers can use this vulnerability to invoke the sensitive component functions of the Xiaomi content center APP.",
    "id": "GSD-2020-14117"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-14117"
      ],
      "details": "A improper permission configuration vulnerability in Xiaomi Content Center APP. This vulnerability is caused by the lack of correct permission verification in the Xiaomi content center APP, and attackers can use this vulnerability to invoke the sensitive component functions of the Xiaomi content center APP.",
      "id": "GSD-2020-14117",
      "modified": "2023-12-13T01:22:00.427160Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@xiaomi.com",
        "ID": "CVE-2020-14117",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Xiaomi Content Center APP",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Xiaomi Content Center APP version \u003c 4.4.11"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A improper permission configuration vulnerability in Xiaomi Content Center APP. This vulnerability is caused by the lack of correct permission verification in the Xiaomi content center APP, and attackers can use this vulnerability to invoke the sensitive component functions of the Xiaomi content center APP."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Improper permission configuration"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=143",
            "refsource": "MISC",
            "url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=143"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mi:content_center:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.4.11",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@xiaomi.com",
          "ID": "CVE-2020-14117"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A improper permission configuration vulnerability in Xiaomi Content Center APP. This vulnerability is caused by the lack of correct permission verification in the Xiaomi content center APP, and attackers can use this vulnerability to invoke the sensitive component functions of the Xiaomi content center APP."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-276"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=143",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=143"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2022-05-02T20:03Z",
      "publishedDate": "2022-04-21T18:15Z"
    }
  }
}

CNVD-2022-81247

Vulnerability from cnvd - Published: 2022-11-25

Title

Xiaomi Content Center APP不正确权限配置漏洞

Description

Xiaomi Content Center（小米内容中心）是中国小米（Xiaomi）公司的一个内容中心。 Xiaomi Content Center APP存在不正确权限配置漏洞，该漏洞是由于小米内容中心APP中缺少正确的权限验证造成的，攻击者可以利用该漏洞调用小米内容中心APP的敏感组件功能。

Severity

中

Patch Name

Xiaomi Content Center APP不正确权限配置漏洞的补丁

Patch Description

Xiaomi Content Center（小米内容中心）是中国小米（Xiaomi）公司的一个内容中心。 Xiaomi Content Center APP存在不正确权限配置漏洞，该漏洞是由于小米内容中心APP中缺少正确的权限验证造成的，攻击者可以利用该漏洞调用小米内容中心APP的敏感组件功能。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=143

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-14117

Impacted products

Name
Xiaomi Content Center <4.4.11

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-14117",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-14117"
    }
  },
  "description": "Xiaomi Content Center\uff08\u5c0f\u7c73\u5185\u5bb9\u4e2d\u5fc3\uff09\u662f\u4e2d\u56fd\u5c0f\u7c73\uff08Xiaomi\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u5185\u5bb9\u4e2d\u5fc3\u3002\n\n\nXiaomi Content Center APP\u5b58\u5728\u4e0d\u6b63\u786e\u6743\u9650\u914d\u7f6e\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u5c0f\u7c73\u5185\u5bb9\u4e2d\u5fc3APP\u4e2d\u7f3a\u5c11\u6b63\u786e\u7684\u6743\u9650\u9a8c\u8bc1\u9020\u6210\u7684\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u8c03\u7528\u5c0f\u7c73\u5185\u5bb9\u4e2d\u5fc3APP\u7684\u654f\u611f\u7ec4\u4ef6\u529f\u80fd\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=143",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-81247",
  "openTime": "2022-11-25",
  "patchDescription": "Xiaomi Content Center\uff08\u5c0f\u7c73\u5185\u5bb9\u4e2d\u5fc3\uff09\u662f\u4e2d\u56fd\u5c0f\u7c73\uff08Xiaomi\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u5185\u5bb9\u4e2d\u5fc3\u3002\r\n\r\n\r\nXiaomi Content Center APP\u5b58\u5728\u4e0d\u6b63\u786e\u6743\u9650\u914d\u7f6e\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u5c0f\u7c73\u5185\u5bb9\u4e2d\u5fc3APP\u4e2d\u7f3a\u5c11\u6b63\u786e\u7684\u6743\u9650\u9a8c\u8bc1\u9020\u6210\u7684\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u8c03\u7528\u5c0f\u7c73\u5185\u5bb9\u4e2d\u5fc3APP\u7684\u654f\u611f\u7ec4\u4ef6\u529f\u80fd\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Xiaomi Content Center APP\u4e0d\u6b63\u786e\u6743\u9650\u914d\u7f6e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Xiaomi Content Center \u003c4.4.11"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-14117",
  "serverity": "\u4e2d",
  "submitTime": "2022-04-29",
  "title": "Xiaomi Content Center APP\u4e0d\u6b63\u786e\u6743\u9650\u914d\u7f6e\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-14117 (GCVE-0-2020-14117)

GHSA-VH3X-QHH3-9FRG

FKIE_CVE-2020-14117

GSD-2020-14117

CNVD-2022-81247

Tags

Sightings

Nomenclature