VDB

CVE-2022-20399

CVE-2022-20399 PUBLISHED CVSS 5.5 MEDIUM

In the SEPolicy configuration of system apps, there is a possible access to the 'ip' utility due to an insecure default value. This could lead to local information disclosure of network data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-219808546References: Upstream kernel

EPSS 0.02% · 3.5th percentile

Risk Scores

CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.02%
3.5th percentile

Affected Products

VendorProductVersions
googleandroid
n/aAndroidAndroid kernel

Exploit Intelligence

Timeline

  • Sep 7, 2022 CVE Published
  • Sep 14, 2022 EPSS Score
  • Sep 17, 2022 EPSS Score
  • Oct 29, 2022 EPSS Score
  • Dec 13, 2022 EPSS Score
  • Jan 27, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Mar 13, 2023 EPSS Score
  • Apr 27, 2023 EPSS Score
  • Jul 26, 2023 EPSS Score
  • Sep 9, 2023 EPSS Score
  • Oct 24, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›