CVE-2022-20535

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Android versions Android-13

Description A side channel information disclosure issue exists in the WifiManager.java file, specifically in the registerLocalOnlyHotspotSoftApCallback function. This issue could allow an attacker to determine whether an app is installed without requiring query permissions, potentially leading to local information disclosure. No additional execution privileges are needed, and user interaction is not required for exploitation.

Recommendations For Android version Android-13, consider restricting access to the WifiManager.java file or the registerLocalOnlyHotspotSoftApCallback function to minimize the risk of exploitation until a patch is available.

Fix

Side Channel Attack

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-203

Related Identifiers

CVE-2022-20535

Affected Products

Android

CVE-2022-20535

Weakness Enumeration

Related Identifiers

Affected Products

References · 3