CVE-2020-0454

Name of the Vulnerable Software and Affected Versions Android version 9

Description In the callCallbackForRequest function of ConnectivityService.java, a missing permission check could lead to a permission bypass. This issue may result in local information disclosure of the current SSID, requiring User execution privileges. No user interaction is needed for exploitation.

Recommendations For Android version 9, consider restricting access to the callCallbackForRequest function in ConnectivityService.java until a patch is available. As a temporary workaround, review and adjust permission settings to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.