Main Vulnerability Database Vulnerabilities #VU69990

#VU69990 Information disclosure in Google Android - CVE-2022-20498

Published: December 7, 2022 / Updated: December 7, 2022

Vulnerability identifier: #VU69990

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2022-20498

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Google Android

Software vendor:
Google

Description

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists due to unspecified error within the Bluetooth component. An attacker with physical proximity to device can gain unauthorized access to sensitive information.

Remediation

Install updates from vendor's website.

External links

https://source.android.com/docs/security/bulletin/2022-12-01#2022-12-01-security-patch-level-vulnerability-details