PT-2018-19017 · Google · Android
Published
2018-11-14
·
Updated
2020-08-24
·
CVE-2018-9457
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Android versions 8.0 through 9
Description
A permissions bypass issue in the
BluetoothPairingController.java file allows for the retrieval of contact information, potentially leading to local information disclosure. This issue can be exploited without requiring additional execution privileges or user interaction.Recommendations
For Android versions 8.0 through 9, update to a version that includes the fix for the issue identified by Android ID: A-72872376.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android