Main Vulnerability Database Vulnerabilities #VU34487

Information disclosure in Google Android - CVE-2018-21059

Published: April 8, 2020 / Updated: August 8, 2020

Vulnerability identifier: #VU34487

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2018-21059

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is Clipboard content visibility in the locked state via the emergency contact picker. The Samsung ID is SVE-2018-11806 (September 2018).

How to mitigate CVE-2018-21059

Install update from vendor's website.

Sources

https://security.samsungmobile.com/securityUpdate.smsb

Information disclosure in Google Android - CVE-2018-21059

Detailed vulnerability description

How to mitigate CVE-2018-21059

Sources

Please verify you're human