CVE-2020-20094
RTLO Injection URI Spoofing
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Instagram iOS 106.0 and prior and Android 107.0.0.11 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages
Instagram iOS para iOS versiones 106.0 y anteriores y para Android versiones 107.0.0.11 y versiones anteriores de interfaz de usuario, no representa apropiadamente los mensajes URI para el usuario, lo que resulta en una suplantación de URI por medio de mensajes especialmente diseñados
RTLO injection URI spoofing generator for WhatsApp, iMessage, Instagram, and Facebook Messenger.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-08-13 CVE Reserved
- 2022-03-23 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-10-27 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (2)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
http://packetstormsecurity.com/files/166448/RTLO-Injection-URI-Spoofing.html | 2024-08-04 | |
https://github.com/zadewg/RIUS | 2024-08-04 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Facebook Search vendor "Facebook" | Instagram Search vendor "Facebook" for product "Instagram" | <= 106.0 Search vendor "Facebook" for product "Instagram" and version " <= 106.0" | iphone_os |
Affected
| ||||||
Facebook Search vendor "Facebook" | Instagram Search vendor "Facebook" for product "Instagram" | <= 107.0.0.11 Search vendor "Facebook" for product "Instagram" and version " <= 107.0.0.11" | android |
Affected
|