Lucene search

Google_androidCVE-2023-21114

HistoryJul 09, 2024 - 9:15 p.m.

CVE-2023-21114

2024-07-0921:15:10

CWE-269

google_android

web.nvd.nist.gov

178

cve-2023-21114

reserved

security problem announcement

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

Percentile

15.8%

JSON

In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected configurations

Vulners

Vulnrichment

Node

googleandroidMatch13

VendorProductVersionCPE
googleandroid13cpe:2.3:o:google:android:13:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	13	cpe:2.3:o:google:android:13:::::::*

CNA Affected

[
  {
    "vendor": "Google",
    "product": "Android",
    "versions": [
      {
        "version": "13",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

android.googlesource.com/platform/packages/modules/Wifi/+/e6ca0c031758d8b1511f6a359bec316b6d2e22fe

android.googlesource.com/platform/packages/modules/Wifi/+/f39ed052916716ef974102b3bad7ae102d0164a5

android.googlesource.com/platform/packages/modules/Wifi/+/f88a2294f53cf382908cc48f992273742f817dd5

source.android.com/security/bulletin/2024-06-01

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

Percentile

15.8%

JSON

Related for CVE-2023-21114