Main Vulnerability Database Vulnerabilities #VU36410

Information disclosure in Google Android - CVE-2018-9526

Published: November 14, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36410

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2018-9526

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

In device configuration data, there is an improperly configured setting. This could lead to remote disclosure of device location. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112159033

How to mitigate CVE-2018-9526

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/105847
https://source.android.com/security/bulletin/pixel/2018-11-01

Information disclosure in Google Android - CVE-2018-9526

Detailed vulnerability description

How to mitigate CVE-2018-9526

Sources

Please verify you're human