CVE-2019-20472

CVE-2019-20472 is a medium-severity vulnerability with a CVSS 3.x base score of 6.2. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.

Key facts

Description

An issue was discovered on One2Track 2019-12-08 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a "Remove PIN and restart!" message, and cannot be used. This makes it easier for an attacker to use the SIM card by stealing the device.

Frequently asked questions

What is CVE-2019-20472?
An issue was discovered on One2Track 2019-12-08 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a "Remove PIN and restart!" message, and cannot be used. This makes it easier for an attacker to use the SIM card by stealing the device.
How severe is CVE-2019-20472?
CVE-2019-20472 has a CVSS 3.x base score of 6.2, rated medium severity. It is exploitable over local access with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability high.
Is CVE-2019-20472 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (16th percentile), an estimate of the probability of exploitation in the next 30 days.
How do I fix CVE-2019-20472?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
Does CVE-2019-20472 have an EU (EUVD) identifier?
Yes. CVE-2019-20472 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2019-11017.
When was CVE-2019-20472 published?
CVE-2019-20472 was published on 2024-11-07 and last updated on 2026-06-17.

References