Possible permission bypass in callCallbackForRequest of ConnectivityService.java leading to local information disclosure of current SSID

Possible permission bypass in callCallbackForRequest of ConnectivityService.java leading to local information disclosure of current SSID

CVE-2020-0454 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

In callCallbackForRequest of ConnectivityService.java, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure of the current SSID with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9Android ID: A-161370134

Learn more about our Cis Benchmark Audit For Google Android.