Lucene search

[email protected]NVD:CVE-2023-21134

HistoryAug 14, 2023 - 9:15 p.m.

CVE-2023-21134

2023-08-1421:15:11

CWE-862

[email protected]

web.nvd.nist.gov

cve-2023-21134

managepermissionsactivity.java

factory reset

local escalation of privilege

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.0005 Low

EPSS

Percentile

17.8%

JSON

In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that’s been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected configurations

NVD

Node

googleandroidMatch12.0-

googleandroidMatch12.1-

googleandroidMatch13.0-

References

android.googlesource.com/platform/packages/modules/Permission/+/0679e4f35055729be7276536fe45fe8ec18a0453

source.android.com/security/bulletin/2023-08-01

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.0005 Low

EPSS

Percentile

17.8%

JSON

Related for NVD:CVE-2023-21134

cnvd1 cve1 prion1 osv1 cvelist1