Main Vulnerability Database SB2018083102

SB2018083102 - Information disclosure in Google Android

Published: August 31, 2018

Security Bulletin ID SB2018083102

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Information disclosure (CVE-ID: CVE-2018-9489)

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists due to local application can monitor NETWORK_STATE_CHANGED_ACTION and WIFI_P2P_THIS_DEVICE_CHANGED_ACTION system WiFi broadcasts. A local attacker can obtain identifying data on the target system, including network names, BSSIDs, local addresses, and DNS server addresses.

Remediation

Install update from vendor's website.

References

https://wwws.nightwatchcybersecurity.com/2018/08/29/sensitive-data-exposure-via-wifi-broadcasts-in-a...