First published: Mon Jun 06 2022(Updated: )
In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to a protocol downgrade attack. This could lead to remote escalation of privilege if a malicious Wi-Fi AP is used, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-201660636
Credit: security@android.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Android | =11.0 | |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.