Lucene search
Google_androidCVE-2023-21251HistoryJul 13, 2023 - 12:15 a.m.
CVE-2023-21251
2023-07-1300:15:23
CWE-20
google_android
web.nvd.nist.gov
67
cve-2023-21251
oncreate
confirmdialog.java
input validation
local escalation
privilege
user interaction
CVSS3
7.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS
0
Percentile
5.1%
In onCreate of ConfirmDialog.java, there is a possible way to connect to VNP bypassing user’s consent due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
Affected configurations
Node
googleandroidMatch11.0
ORgoogleandroidMatch12.0
ORgoogleandroidMatch13.0
ORgoogleandroidMatch13.1
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "11"
}
]
}
]Related
nvd
nvd
CVE-2023-21251
2023-07-13 00:15:23
osv
osv
Html Injection in Vpn ConfirmDialog
2023-07-01 00:00:00
cvelist
cvelist
CVE-2023-21251
2023-07-12 23:32:23
prion
prion
Input validation
2023-07-13 00:15:00
CVSS3
7.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS
0
Percentile
5.1%
Related for CVE-2023-21251