CVE-2019-9414
MEDIUMAndroid 10 - Man-in-the-Middle via Improper Certificate BasicConstraints Validation
Title source: llmDescription
In wpa_supplicant, there is a possible man in the middle vulnerability due to improper input validation of the basicConstraints field of intermediary certificates. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111893041
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://source.android.com/security/bulletin/android-10
Scores
CVSS v3
5.9
EPSS
0.0056
EPSS Percentile
42.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-20
Status
published
Products (1)
google/android
10.0
Published
Sep 27, 2019
Tracked Since
Feb 18, 2026