← voltar
CVE-2023-48418

User Build misconfiguration resulting in local escalation of privilege

CVSS 10 CRITICALEPSS 0.2%CWE-269
In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a     possible way to access adb before SUW completion due to an insecure default     value. This could lead to local escalation of privilege with no additional     execution privileges needed. User interaction is not needed for     exploitation
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Produtos afetados
Google · Pixel Watch

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://packetstormsecurity.com/files/176446/Android-DeviceVersionFragment.java-Privilege-Escalation.htmlhttps://source.android.com/docs/security/bulletin/pixel-watch/2023/2023-12-01