CVE-2022-20525

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Android versions Android-13

Description The issue is related to a permissions bypass in the enforceVisualVoicemailPackage function of PhoneInterfaceManager.java, which could lead to a leak of the visual voicemail package name. This leak may result in local escalation of privilege without requiring additional execution privileges. User interaction is not necessary for exploitation.

Recommendations For Android version Android-13, apply the necessary patch or update to resolve the permissions bypass issue in the enforceVisualVoicemailPackage function of PhoneInterfaceManager.java. As a temporary workaround, consider restricting access to sensitive features related to visual voicemail until a patch is available.

Fix

Generation of Error Message Containing Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-209

Related Identifiers

CVE-2022-20525

Affected Products

Android

CVE-2022-20525

Weakness Enumeration

Related Identifiers

Affected Products

References · 5