Main Vulnerability Database Vulnerabilities #VU37941

Information disclosure in Google Android - CVE-2017-11022

Published: November 16, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU37941

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2017-11022

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the probe requests originated from user's phone contains the information elements which specifies the supported wifi features. This shall impact the user's privacy if someone sniffs the probe requests originated by this DUT. Hence, control the presence of information elements using ini file.

How to mitigate CVE-2017-11022

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/pixel/2017-11-01

Information disclosure in Google Android - CVE-2017-11022

Detailed vulnerability description

How to mitigate CVE-2017-11022

Sources

Please verify you're human