Main Vulnerability Database Vulnerabilities #VU69990

Information disclosure in Google Android - CVE-2022-20498

Published: December 7, 2022 / Updated: December 7, 2022

Vulnerability identifier: #VU69990

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2022-20498

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists due to unspecified error within the Bluetooth component. An attacker with physical proximity to device can gain unauthorized access to sensitive information.

How to mitigate CVE-2022-20498

Install updates from vendor's website.

Sources

https://source.android.com/docs/security/bulletin/2022-12-01#2022-12-01-security-patch-level-vulnerability-details

Information disclosure in Google Android - CVE-2022-20498

Detailed vulnerability description

How to mitigate CVE-2022-20498

Sources

Please verify you're human