ID

VAR-202212-0790


CVE

CVE-2022-20535


TITLE

Google  of  Android  Vulnerability regarding observable inconsistencies in

Trust: 0.8

sources: JVNDB: JVNDB-2022-023810

DESCRIPTION

In registerLocalOnlyHotspotSoftApCallback of WifiManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-233605242. Google of Android Exists in observable mismatch vulnerabilities.Information may be obtained. Google Pixel is a smartphone made by the American company Google. Google Pixel has security flaw. An attacker can exploit this vulnerability to cause information leakage

Trust: 2.25

sources: NVD: CVE-2022-20535 // JVNDB: JVNDB-2022-023810 // CNVD: CNVD-2023-100956 // VULMON: CVE-2022-20535

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-100956

AFFECTED PRODUCTS

vendor:googlemodel:androidscope:eqversion:13.0

Trust: 2.4

vendor:googlemodel:androidscope:eqversion: -

Trust: 0.8

vendor:googlemodel:androidscope: - version: -

Trust: 0.8

sources: CNVD: CNVD-2023-100956 // JVNDB: JVNDB-2022-023810 // NVD: CVE-2022-20535

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20535
value: LOW

Trust: 1.0

NVD: CVE-2022-20535
value: LOW

Trust: 0.8

CNVD: CNVD-2023-100956
value: LOW

Trust: 0.6

CNNVD: CNNVD-202212-2349
value: LOW

Trust: 0.6

CNVD: CNVD-2023-100956
severity: LOW
baseScore: 1.7
vectorString: AV:L/AC:L/AU:S/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-20535
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2022-20535
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2023-100956 // JVNDB: JVNDB-2022-023810 // CNNVD: CNNVD-202212-2349 // NVD: CVE-2022-20535

PROBLEMTYPE DATA

problemtype:CWE-203

Trust: 1.0

problemtype:Observable discrepancy (CWE-203) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-023810 // NVD: CVE-2022-20535

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202212-2349

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202212-2349

PATCH

title:Patch for Google Pixel information leakage vulnerability (CNVD-2023-10095625)url:https://www.cnvd.org.cn/patchInfo/show/506211

Trust: 0.6

title:Google Pixel Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=218761

Trust: 0.6

sources: CNVD: CNVD-2023-100956 // CNNVD: CNNVD-202212-2349

EXTERNAL IDS

db:NVDid:CVE-2022-20535

Trust: 3.9

db:JVNDBid:JVNDB-2022-023810

Trust: 0.8

db:CNVDid:CNVD-2023-100956

Trust: 0.6

db:CNNVDid:CNNVD-202212-2349

Trust: 0.6

db:VULMONid:CVE-2022-20535

Trust: 0.1

sources: CNVD: CNVD-2023-100956 // VULMON: CVE-2022-20535 // JVNDB: JVNDB-2022-023810 // CNNVD: CNNVD-202212-2349 // NVD: CVE-2022-20535

REFERENCES

url:https://source.android.com/security/bulletin/pixel/2022-12-01

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-20535

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2022-20535

Trust: 0.6

url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-december-2022-40023

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-20535/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2023-100956 // VULMON: CVE-2022-20535 // JVNDB: JVNDB-2022-023810 // CNNVD: CNNVD-202212-2349 // NVD: CVE-2022-20535

SOURCES

db:CNVDid:CNVD-2023-100956
db:VULMONid:CVE-2022-20535
db:JVNDBid:JVNDB-2022-023810
db:CNNVDid:CNNVD-202212-2349
db:NVDid:CVE-2022-20535

LAST UPDATE DATE

2024-08-14T14:10:24.903000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2023-100956date:2023-12-27T00:00:00
db:VULMONid:CVE-2022-20535date:2022-12-16T00:00:00
db:JVNDBid:JVNDB-2022-023810date:2023-11-30T03:02:00
db:CNNVDid:CNNVD-202212-2349date:2022-12-22T00:00:00
db:NVDid:CVE-2022-20535date:2022-12-21T14:54:39.313

SOURCES RELEASE DATE

db:CNVDid:CNVD-2023-100956date:2022-12-21T00:00:00
db:VULMONid:CVE-2022-20535date:2022-12-16T00:00:00
db:JVNDBid:JVNDB-2022-023810date:2023-11-30T00:00:00
db:CNNVDid:CNNVD-202212-2349date:2022-12-05T00:00:00
db:NVDid:CVE-2022-20535date:2022-12-16T16:15:18.047