Details of VAR-202212-0790

ID

VAR-202212-0790

CVE

CVE-2022-20535

TITLE

Google of Android Vulnerability regarding observable inconsistencies in

Trust: 0.8

sources: JVNDB: JVNDB-2022-023810

DESCRIPTION

In registerLocalOnlyHotspotSoftApCallback of WifiManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-233605242. Google of Android Exists in observable mismatch vulnerabilities.Information may be obtained. Google Pixel is a smartphone made by the American company Google. Google Pixel has security flaw. An attacker can exploit this vulnerability to cause information leakage

Trust: 2.25

sources: NVD: CVE-2022-20535 // JVNDB: JVNDB-2022-023810 // CNVD: CNVD-2023-100956 // VULMON: CVE-2022-20535

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2023-100956

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	13.0	Trust: 2.4
vendor:	google	model:	android	scope:	eq	version:	-	Trust: 0.8
vendor:	google	model:	android	scope:	-	version:	-	Trust: 0.8

sources: CNVD: CNVD-2023-100956 // JVNDB: JVNDB-2022-023810 // NVD: CVE-2022-20535

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-20535
value:	LOW
Trust: 1.0
NVD:	CVE-2022-20535
value:	LOW
Trust: 0.8
CNVD:	CNVD-2023-100956
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202212-2349
value:	LOW
Trust: 0.6

CNVD:	CNVD-2023-100956
severity:	LOW
baseScore:	1.7
vectorString:	AV:L/AC:L/AU:S/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.1
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-20535
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2022-20535
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2023-100956 // JVNDB: JVNDB-2022-023810 // CNNVD: CNNVD-202212-2349 // NVD: CVE-2022-20535

PROBLEMTYPE DATA

problemtype:	CWE-203	Trust: 1.0
problemtype:	Observable discrepancy (CWE-203) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-023810 // NVD: CVE-2022-20535

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202212-2349

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202212-2349

PATCH

title:	Patch for Google Pixel information leakage vulnerability (CNVD-2023-10095625)	url:	https://www.cnvd.org.cn/patchInfo/show/506211	Trust: 0.6
title:	Google Pixel Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=218761	Trust: 0.6

sources: CNVD: CNVD-2023-100956 // CNNVD: CNNVD-202212-2349

EXTERNAL IDS

db:	NVD	id:	CVE-2022-20535	Trust: 3.9
db:	JVNDB	id:	JVNDB-2022-023810	Trust: 0.8
db:	CNVD	id:	CNVD-2023-100956	Trust: 0.6
db:	CNNVD	id:	CNNVD-202212-2349	Trust: 0.6
db:	VULMON	id:	CVE-2022-20535	Trust: 0.1

sources: CNVD: CNVD-2023-100956 // VULMON: CVE-2022-20535 // JVNDB: JVNDB-2022-023810 // CNNVD: CNNVD-202212-2349 // NVD: CVE-2022-20535

REFERENCES

url:	https://source.android.com/security/bulletin/pixel/2022-12-01	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-20535	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2022-20535	Trust: 0.6
url:	https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-december-2022-40023	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-20535/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2023-100956 // VULMON: CVE-2022-20535 // JVNDB: JVNDB-2022-023810 // CNNVD: CNNVD-202212-2349 // NVD: CVE-2022-20535

SOURCES

db:	CNVD	id:	CNVD-2023-100956
db:	VULMON	id:	CVE-2022-20535
db:	JVNDB	id:	JVNDB-2022-023810
db:	CNNVD	id:	CNNVD-202212-2349
db:	NVD	id:	CVE-2022-20535

LAST UPDATE DATE

2024-08-14T14:10:24.903000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2023-100956	date:	2023-12-27T00:00:00
db:	VULMON	id:	CVE-2022-20535	date:	2022-12-16T00:00:00
db:	JVNDB	id:	JVNDB-2022-023810	date:	2023-11-30T03:02:00
db:	CNNVD	id:	CNNVD-202212-2349	date:	2022-12-22T00:00:00
db:	NVD	id:	CVE-2022-20535	date:	2022-12-21T14:54:39.313

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2023-100956	date:	2022-12-21T00:00:00
db:	VULMON	id:	CVE-2022-20535	date:	2022-12-16T00:00:00
db:	JVNDB	id:	JVNDB-2022-023810	date:	2023-11-30T00:00:00
db:	CNNVD	id:	CNNVD-202212-2349	date:	2022-12-05T00:00:00
db:	NVD	id:	CVE-2022-20535	date:	2022-12-16T16:15:18.047