CVE-2020-0378 — Missing Authorization in Google Android

CWE-862 — Missing Authorization5 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 96.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Platform Frameworks OPT NET Wifi Google Android

Timeline

PublishedOct 14

Latest updateMay 24

Description

In onWnmFrameReceived of PasspointManager.java, there is a missing permission check. This could lead to local information disclosure of location data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-157748906

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5google/androidAndroid-9 Android-10 Android-11

▶NVDgoogle/android10.0, 11.0, 9.0+2

▶Androidplatform/frameworks_opt_net_wifi9:0 — 9:2020-10-01+1

🔴Vulnerability Details

GHSA

GHSA-j5g6-3m86-v2xc: In onWnmFrameReceived of PasspointManager↗2022-05-24

▶

CVEList

CVE-2020-0378: In onWnmFrameReceived of PasspointManager↗2020-10-14

▶

OSV

CVE-2020-0378: In onWnmFrameReceived of PasspointManager↗2020-10-01

▶

📋Vendor Advisories

Android

CVE-2020-0378: Android Security Bulletin 2020-10-01 CVE: CVE-2020-0378 Severity: HIGH Type: ID Affected AOSP versions: 9, 10, 11 References: A-157748906↗2020-10-01

▶