exploitDog

CVE-2022-20399

Опубликовано: 13 сент. 2022

Источник: nvd

CVSS3: 5.5

EPSS Низкий

Описание

In the SEPolicy configuration of system apps, there is a possible access to the 'ip' utility due to an insecure default value. This could lead to local information disclosure of network data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-219808546References: Upstream kernel

Ссылки

https://source.android.com/security/bulletin/2022-09-01
Patch
Vendor Advisory
https://source.android.com/security/bulletin/2022-09-01
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

EPSS

Процентиль: 3%

0.00015

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-732

Связанные уязвимости

GHSA-9jg9-7mjm-x5wx

CVSS3: 5.5

github

больше 3 лет назад

In the SEPolicy configuration of system apps, there is a possible access to the 'ip' utility due to an insecure default value. This could lead to local information disclosure of network data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-219808546References: Upstream kernel

EPSS

Процентиль: 3%

0.00015

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-732