5.5

CVE-2021-39773

EPSS 0.02%
Veröffentlicht 30.03.2022 16:15:10
Zuletzt bearbeitet 21.11.2024 06:20:12
Quelle security@android.com
CVE-Watchlists
Login
Unerledigt
Login

In VpnManagerService, there is a possible disclosure of installed VPN packages due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-191276656

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Android Version12.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.02

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-203 Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.

https://source.android.com/security/bulletin/android-12l

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-39773

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-39773

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-39773

EUVD