CVE-2022-20081
MEDIUMAndroid - Man-in-the-Middle Attack via Improper Certificate Validation in A-GPS
Title source: llmDescription
In A-GPS, there is a possible man in the middle attack due to improper certificate validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06461919; Issue ID: ALPS06461919.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://corp.mediatek.com/product-security-bulletin/April-2022
Scores
CVSS v3
5.9
EPSS
0.0051
EPSS Percentile
39.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-295
Status
published
Products (3)
google/android
10.0
google/android
11.0
google/android
12.0
Published
Apr 11, 2022
Tracked Since
Feb 18, 2026