CVE-2018-9457Missing Authorization in INC Android

CWE-862Missing Authorization3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 98.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Google INC AndroidGoogle Android
Timeline
PublishedNov 14
Latest updateMay 13

Description

In onCheckedChanged of BluetoothPairingController.java, there is a possible way to retrieve contact information due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-72872376

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDgoogle/android8.0, 8.1, 9.0+2
CVEListV5google_inc/androidAndroid-8.0 Android-8.1 Android-9

Patches

Patch: source.android.com

🔴Vulnerability Details

2
GHSA
GHSA-5gj2-2h84-jmf8: In onCheckedChanged of BluetoothPairingController2022-05-13
CVEList
CVE-2018-9457: In onCheckedChanged of BluetoothPairingController2018-11-14
CVE-2018-9457 — Missing Authorization in INC Android | cvebase