1. CVE-Search
  2. CVE-2020-0028
ID CVE-2020-0028
Summary In notifyNetworkTested and related functions of NetworkMonitor.java, there is a possible bypass of private DNS settings. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9Android ID: A-122652057
References
Vulnerable Configurations
  • cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
CVSS
Base: 7.1 (as of 14-09-2021 - 12:44)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE NONE NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:N/A:N
refmap via4
misc https://source.android.com/security/bulletin/2020-02-01
Last major update 14-09-2021 - 12:44
Published 13-02-2020 - 15:15
Last modified 14-09-2021 - 12:44
Back to Top