CVE-2022-20081

Summary

In A-GPS, there is a possible man in the middle attack due to improper certificate validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06461919; Issue ID: ALPS06461919.

Affected Software

VendorProductVersion RangeStatus
MediaTek, Inc.MT6580, MT6735, MT6737, MT6739, MT6753, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8666, MT8667, MT8675Android 10.0, 11.0, 12.0affected

Weaknesses

  • Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

References