CVE-2018-9438

EUVD-2018-21032
When a device connects only over WiFi VPN, the device may not receive security updates due to some incorrect checks. This could lead to a local denial of service of security updates with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1 Android ID: A-78644887.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Affected Products (NVD)
VendorProductVersion
googleandroid
8.1
𝑥
= Vulnerable software versions
References
http://www.securitytracker.com/id/1041432
https://source.android.com/security/bulletin/2018-08-01
http://www.securitytracker.com/id/1041432
https://source.android.com/security/bulletin/2018-08-01