GHSA-9q4r-5p5v-23xq
GitHub Security Advisory
⚠ Unreviewed
CRITICAL
Has CVE
Advisory Details
In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to a protocol downgrade attack. This could lead to remote escalation of privilege if a malicious Wi-Fi AP is used, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-201660636
Related CVEs
Key Information
9.0
/10
Dataset
Last updated: June 14, 2025 6:24 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.