Base Score

HIGH8.8

CVE-2020-36245

GramAddict through 1.2.3 allows remote attackers to execute arbitrary code because of use of UIAutomator2 and ATX-Agent. The attacker must be able to reach TCP port 7912, e.g., by being on the same Wi-Fi network.

VectorADJACENT_NETWORK

Published Bycve@mitre.org

Published DateFeb 17, 2021, 22:15

Affected Versions(1)

GramAddict(PyPI)

Introduced0

Fixed1.2.5

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
GramAddict(PyPI)	0	1.2.5	N/A

Weakness Type (CWE):CWE-306

CVSS Metrics

Base Score

8.8

Vector String

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

ADJACENT_NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

https://github.com/GramAddict/bot/issues/134

Base Score

HIGH8.8

Weakness Type (CWE):CWE-306

CVSS Metrics

Base Score

8.8

Vector String

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

ADJACENT_NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH